#969 Make social auth claims mapping more configurable

Author: Tratcher

samples/SocialSample/Startup.cs

@@ -112,7 +112,7 @@ public void Configure(IApplicationBuilder app, ILoggerFactory loggerfactory)
 
             // You must first create an app with GitHub and add its ID and Secret to your user-secrets.
             // https://console.developers.google.com/project
-            app.UseGoogleAuthentication(new GoogleOptions
+            var googleOptions = new GoogleOptions
             {
                 ClientId = Configuration["google:clientid"],
                 ClientSecret = Configuration["google:clientsecret"],
@@ -126,7 +126,10 @@ public void Configure(IApplicationBuilder app, ILoggerFactory loggerfactory)
                         return Task.FromResult(0);
                     }
                 }
-            });
+            };
+            googleOptions.ClaimResolvers.AddNested("urn:google:image", "image", "url");
+            googleOptions.ClaimResolvers.Remove(ClaimTypes.GivenName);
+            app.UseGoogleAuthentication(googleOptions);
 
             // You must first create an app with Twitter and add its key and Secret to your user-secrets.
             // https://apps.twitter.com/
@@ -357,7 +360,7 @@ public void Configure(IApplicationBuilder app, ILoggerFactory loggerfactory)
                 }
 
                 await context.Response.WriteAsync("Tokens:<br>");
-                
+
                 await context.Response.WriteAsync("Access Token: " + await context.Authentication.GetTokenAsync("access_token") + "<br>");
                 await context.Response.WriteAsync("Refresh Token: " + await context.Authentication.GetTokenAsync("refresh_token") + "<br>");
                 await context.Response.WriteAsync("Token Type: " + await context.Authentication.GetTokenAsync("token_type") + "<br>");

src/Microsoft.AspNetCore.Authentication.Google/GoogleHandler.cs

@@ -43,40 +43,9 @@ protected override async Task<AuthenticationTicket> CreateTicketAsync(
             var ticket = new AuthenticationTicket(principal, properties, Options.AuthenticationScheme);
             var context = new OAuthCreatingTicketContext(ticket, Context, Options, Backchannel, tokens, payload);
 
-            var identifier = GoogleHelper.GetId(payload);
-            if (!string.IsNullOrEmpty(identifier))
+            foreach (var map in Options.ClaimResolvers)
             {
-                identity.AddClaim(new Claim(ClaimTypes.NameIdentifier, identifier, ClaimValueTypes.String, Options.ClaimsIssuer));
-            }
-
-            var givenName = GoogleHelper.GetGivenName(payload);
-            if (!string.IsNullOrEmpty(givenName))
-            {
-                identity.AddClaim(new Claim(ClaimTypes.GivenName, givenName, ClaimValueTypes.String, Options.ClaimsIssuer));
-            }
-
-            var familyName = GoogleHelper.GetFamilyName(payload);
-            if (!string.IsNullOrEmpty(familyName))
-            {
-                identity.AddClaim(new Claim(ClaimTypes.Surname, familyName, ClaimValueTypes.String, Options.ClaimsIssuer));
-            }
-
-            var name = GoogleHelper.GetName(payload);
-            if (!string.IsNullOrEmpty(name))
-            {
-                identity.AddClaim(new Claim(ClaimTypes.Name, name, ClaimValueTypes.String, Options.ClaimsIssuer));
-            }
-
-            var email = GoogleHelper.GetEmail(payload);
-            if (!string.IsNullOrEmpty(email))
-            {
-                identity.AddClaim(new Claim(ClaimTypes.Email, email, ClaimValueTypes.String, Options.ClaimsIssuer));
-            }
-
-            var profile = GoogleHelper.GetProfile(payload);
-            if (!string.IsNullOrEmpty(profile))
-            {
-                identity.AddClaim(new Claim("urn:google:profile", profile, ClaimValueTypes.String, Options.ClaimsIssuer));
+                map.Apply(payload, identity, Options.ClaimsIssuer);
             }
 
             await Options.Events.CreatingTicket(context);

src/Microsoft.AspNetCore.Authentication.Google/GoogleHelper.cs

@@ -12,71 +12,6 @@ namespace Microsoft.AspNetCore.Authentication.Google
     /// </summary>
     public static class GoogleHelper
     {
-        /// <summary>
-        /// Gets the Google user ID.
-        /// </summary>
-        public static string GetId(JObject user)
-        {
-            if (user == null)
-            {
-                throw new ArgumentNullException(nameof(user));
-            }
-
-            return user.Value<string>("id");
-        }
-
-        /// <summary>
-        /// Gets the user's name.
-        /// </summary>
-        public static string GetName(JObject user)
-        {
-            if (user == null)
-            {
-                throw new ArgumentNullException(nameof(user));
-            }
-
-            return user.Value<string>("displayName");
-        }
-
-        /// <summary>
-        /// Gets the user's given name.
-        /// </summary>
-        public static string GetGivenName(JObject user)
-        {
-            if (user == null)
-            {
-                throw new ArgumentNullException(nameof(user));
-            }
-
-            return TryGetValue(user, "name", "givenName");
-        }
-
-        /// <summary>
-        /// Gets the user's family name.
-        /// </summary>
-        public static string GetFamilyName(JObject user)
-        {
-            if (user == null)
-            {
-                throw new ArgumentNullException(nameof(user));
-            }
-
-            return TryGetValue(user, "name", "familyName");
-        }
-
-        /// <summary>
-        /// Gets the user's profile link.
-        /// </summary>
-        public static string GetProfile(JObject user)
-        {
-            if (user == null)
-            {
-                throw new ArgumentNullException(nameof(user));
-            }
-
-            return user.Value<string>("url");
-        }
-
         /// <summary>
         /// Gets the user's email.
         /// </summary>
@@ -90,21 +25,6 @@ public static string GetEmail(JObject user)
             return TryGetFirstValue(user, "emails", "value");
         }
 
-        // Get the given subProperty from a property.
-        private static string TryGetValue(JObject user, string propertyName, string subProperty)
-        {
-            JToken value;
-            if (user.TryGetValue(propertyName, out value))
-            {
-                var subObject = JObject.Parse(value.ToString());
-                if (subObject != null && subObject.TryGetValue(subProperty, out value))
-                {
-                    return value.ToString();
-                }
-            }
-            return null;
-        }
-
         // Get the given subProperty from a list property.
         private static string TryGetFirstValue(JObject user, string propertyName, string subProperty)
         {

src/Microsoft.AspNetCore.Authentication.Google/GoogleOptions.cs

@@ -1,6 +1,8 @@
 // Copyright (c) .NET Foundation. All rights reserved.
 // Licensed under the Apache License, Version 2.0. See License.txt in the project root for license information.
 
+using System.Security.Claims;
+using Microsoft.AspNetCore.Authentication;
 using Microsoft.AspNetCore.Authentication.Google;
 using Microsoft.AspNetCore.Http;
 
@@ -25,6 +27,13 @@ public GoogleOptions()
             Scope.Add("openid");
             Scope.Add("profile");
             Scope.Add("email");
+
+            ClaimResolvers.Add(ClaimTypes.NameIdentifier, "id");
+            ClaimResolvers.Add(ClaimTypes.Name, "displayName");
+            ClaimResolvers.AddNested(ClaimTypes.GivenName, "name", "givenName");
+            ClaimResolvers.AddNested(ClaimTypes.Surname, "name", "familyName");
+            ClaimResolvers.Add("urn:google:profile", "url");
+            ClaimResolvers.AddCustom(ClaimTypes.Email, GoogleHelper.GetEmail);
         }
 
         /// <summary>

src/Microsoft.AspNetCore.Authentication.OAuth/CustomJsonClaimResolver.cs

@@ -0,0 +1,29 @@
+// Copyright (c) .NET Foundation. All rights reserved.
+// Licensed under the Apache License, Version 2.0. See License.txt in the project root for license information.
+
+using System;
+using System.Security.Claims;
+using Newtonsoft.Json.Linq;
+
+namespace Microsoft.AspNetCore.Authentication.OAuth
+{
+    public class CustomJsonClaimResolver : ClaimResolver<JObject>
+    {
+        public CustomJsonClaimResolver(string claimName, string claimType, Func<JObject, string> resolver)
+            : base(claimName, claimType)
+        {
+            Resolver = resolver;
+        }
+
+        public Func<JObject, string> Resolver { get; set; }
+
+        public override void Apply(JObject data, ClaimsIdentity identity, string issuer)
+        {
+            var value = Resolver(data);
+            if (!string.IsNullOrEmpty(value))
+            {
+                identity.AddClaim(new Claim(ClaimName, value, ClaimType, issuer));
+            }
+        }
+    }
+}

src/Microsoft.AspNetCore.Authentication.OAuth/JsonClaimResolver.cs

@@ -0,0 +1,28 @@
+// Copyright (c) .NET Foundation. All rights reserved.
+// Licensed under the Apache License, Version 2.0. See License.txt in the project root for license information.
+
+using System.Security.Claims;
+using Newtonsoft.Json.Linq;
+
+namespace Microsoft.AspNetCore.Authentication.OAuth
+{
+    public class JsonClaimResolver : ClaimResolver<JObject>
+    {
+        public JsonClaimResolver(string claimName, string claimType, string jsonKey)
+            : base(claimName, claimType)
+        {
+            JsonKey = jsonKey;
+        }
+
+        public string JsonKey { get; }
+
+        public override void Apply(JObject data, ClaimsIdentity identity, string issuer)
+        {
+            var value = data.Value<string>(JsonKey);
+            if (!string.IsNullOrEmpty(value))
+            {
+                identity.AddClaim(new Claim(ClaimName, value, ClaimType, issuer));
+            }
+        }
+    }
+}

src/Microsoft.AspNetCore.Authentication.OAuth/JsonClaimResolverCollectionExtensions.cs

@@ -0,0 +1,43 @@
+// Copyright (c) .NET Foundation. All rights reserved.
+// Licensed under the Apache License, Version 2.0. See License.txt in the project root for license information.
+
+using System;
+using System.Security.Claims;
+using Microsoft.AspNetCore.Authentication.OAuth;
+using Newtonsoft.Json.Linq;
+
+namespace Microsoft.AspNetCore.Authentication
+{
+    public static class JsonClaimResolverCollectionExtensions
+    {
+        public static void Add(this ClaimResolverCollection<JObject> collection, string claimName, string jsonKey)
+        {
+            collection.Add(claimName, jsonKey, ClaimValueTypes.String);
+        }
+
+        public static void Add(this ClaimResolverCollection<JObject> collection, string claimName, string jsonKey, string claimType)
+        {
+            collection.Add(new JsonClaimResolver(claimName, claimType, jsonKey));
+        }
+
+        public static void AddNested(this ClaimResolverCollection<JObject> collection, string claimName, string jsonKey, string subKey)
+        {
+            collection.AddNested(claimName, jsonKey, subKey, ClaimValueTypes.String);
+        }
+
+        public static void AddNested(this ClaimResolverCollection<JObject> collection, string claimName, string jsonKey, string subKey, string claimType)
+        {
+            collection.Add(new NestedJsonClaimResolver(claimName, claimType, jsonKey, subKey));
+        }
+
+        public static void AddCustom(this ClaimResolverCollection<JObject> collection, string claimName, Func<JObject, string> resolver)
+        {
+            collection.AddCustom(claimName, ClaimValueTypes.String, resolver);
+        }
+
+        public static void AddCustom(this ClaimResolverCollection<JObject> collection, string claimName, string claimType, Func<JObject, string> resolver)
+        {
+            collection.Add(new CustomJsonClaimResolver(claimName, claimType, resolver));
+        }
+    }
+}

src/Microsoft.AspNetCore.Authentication.OAuth/NestedJsonClaimResolver.cs

@@ -0,0 +1,43 @@
+// Copyright (c) .NET Foundation. All rights reserved.
+// Licensed under the Apache License, Version 2.0. See License.txt in the project root for license information.
+
+using Newtonsoft.Json.Linq;
+using System.Security.Claims;
+
+namespace Microsoft.AspNetCore.Authentication.OAuth
+{
+    public class NestedJsonClaimResolver : JsonClaimResolver
+    {
+        public NestedJsonClaimResolver(string claimName, string claimType, string jsonKey, string subKey)
+            : base(claimName, claimType, jsonKey)
+        {
+            SubKey = subKey;
+        }
+
+        public string SubKey { get; }
+
+        public override void Apply(JObject data, ClaimsIdentity identity, string issuer)
+        {
+            var value = GetValue(data, JsonKey, SubKey);
+            if (!string.IsNullOrEmpty(value))
+            {
+                identity.AddClaim(new Claim(ClaimName, value, ClaimType, issuer));
+            }
+        }
+
+        // Get the given subProperty from a property.
+        private static string GetValue(JObject user, string propertyName, string subProperty)
+        {
+            JToken value;
+            if (user.TryGetValue(propertyName, out value))
+            {
+                var subObject = JObject.Parse(value.ToString());
+                if (subObject != null && subObject.TryGetValue(subProperty, out value))
+                {
+                    return value.ToString();
+                }
+            }
+            return null;
+        }
+    }
+}

src/Microsoft.AspNetCore.Authentication.OAuth/OAuthOptions.cs

@@ -6,6 +6,7 @@
 using Microsoft.AspNetCore.Authentication;
 using Microsoft.AspNetCore.Authentication.OAuth;
 using Microsoft.AspNetCore.Http.Authentication;
+using Newtonsoft.Json.Linq;
 
 namespace Microsoft.AspNetCore.Builder
 {
@@ -55,6 +56,8 @@ public OAuthOptions()
             set { base.Events = value; }
         }
 
+        public ClaimResolverCollection<JObject> ClaimResolvers { get; } = new ClaimResolverCollection<JObject>();
+
         /// <summary>
         /// Gets the list of permissions to request.
         /// </summary>

src/Microsoft.AspNetCore.Authentication/ClaimResolver.cs

@@ -0,0 +1,22 @@
+// Copyright (c) .NET Foundation. All rights reserved.
+// Licensed under the Apache License, Version 2.0. See License.txt in the project root for license information.
+
+using System.Security.Claims;
+
+namespace Microsoft.AspNetCore.Authentication
+{
+    public abstract class ClaimResolver<T>
+    {
+        public ClaimResolver(string claimName, string claimType)
+        {
+            ClaimName = claimName;
+            ClaimType = claimType;
+        }
+
+        public string ClaimName { get; }
+
+        public string ClaimType { get; }
+
+        public abstract void Apply(T data, ClaimsIdentity identity, string issuer);
+    }
+}