using System.Security.Claims;
namespace SimpleAuthentication.Permissions;
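/// <summary>
/// Checks for permissions reading the <em>scope</em> claim of the <seealso cref="ClaimsPrincipal"/> that represents the current user.
/// </summary>
/// <remarks>
/// <para>
/// Two claim types are consulted and treated as equivalent: the short <c>scp</c> claim and the Microsoft identity
/// <c>http://schemas.microsoft.com/identity/claims/scope</c> claim. Each claim value is interpreted as a
/// space-delimited list of scopes (RFC 6749 §3.3), so a principal may carry several scopes in one claim and/or
/// several scope claims.
/// </para>
/// <para>
/// Matching is ordinal and case-sensitive, as OAuth scope strings are. Access is granted when the principal holds
/// <em>at least one</em> of the requested permissions (any-of, not all-of), or when nothing is requested at all.
/// This handler does not verify that the principal is authenticated; an unauthenticated principal simply has no
/// scope claims and is therefore denied whenever at least one permission is required.
/// </para>
/// </remarks>
/// <seealso cref="ClaimsPrincipal"/>
/// <seealso cref="Claim"/>
public class ScopeClaimPermissionHandler : IPermissionHandler
{
    private const string Scp = "scp";
    private const string Scope = "http://schemas.microsoft.com/identity/claims/scope";

    /// <inheritdoc/>
    /// <param name="user">The principal whose scope claims are inspected.</param>
    /// <param name="permissions">
    /// The scopes that would satisfy the check; <see langword="null"/> or empty means no scope is required.
    /// </param>
    /// <returns>
    /// <see langword="true"/> when <paramref name="permissions"/> is <see langword="null"/> or empty, or when at least
    /// one of the principal's scopes is contained in <paramref name="permissions"/>; otherwise <see langword="false"/>.
    /// </returns>
    /// <exception cref="ArgumentNullException"><paramref name="user"/> is <see langword="null"/>.</exception>
    public Task<bool> IsGrantedAsync(ClaimsPrincipal user, IEnumerable<string> permissions)
    {
        // Fail with a clear argument error rather than a NullReferenceException deep inside FindAll.
        ArgumentNullException.ThrowIfNull(user);

        // Materialize once: the caller may hand us a lazily evaluated sequence, and it is
        // needed both for the emptiness test and for the intersection below.
        var required = permissions?.ToList();
        if (required is null || required.Count == 0)
        {
            // Nothing is demanded for this resource, so there is nothing to deny on.
            return Task.FromResult(true);
        }

        // Both claim types are equivalent sources of scopes. A single claim value may list
        // several scopes separated by spaces; RemoveEmptyEntries drops the artefacts of
        // doubled or trailing separators so that "" never becomes a granted scope.
        var grantedScopes = user.FindAll(Scp)
            .Concat(user.FindAll(Scope))
            .SelectMany(claim => claim.Value.Split(' ', StringSplitOptions.RemoveEmptyEntries | StringSplitOptions.TrimEntries));

        // Default string equality is ordinal (case-sensitive), which is the correct comparison
        // for OAuth scope identifiers: "User.Read" and "user.read" are different scopes.
        var isGranted = grantedScopes.Intersect(required).Any();
        return Task.FromResult(isGranted);
    }
}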