Add ClaimTypes.NameIdentifier and ClaimTypes.Email for SuperOffice (#465)

* Added support for ClaimTypes NameIdentifier and Email

* Explicitly add ClaimTypes.NameIdentity

* Update SubjectIdentifier description.

Co-authored-by: Martin Costello <[email protected]>

* Added test case for ClaimTypes.Email

* Add using

Add using statement to shorten the code.

Co-authored-by: SuperOfficeDevNet <[email protected]>
Co-authored-by: Martin Costello <[email protected]>

Author: 3 people

src/AspNet.Security.OAuth.SuperOffice/SuperOfficeAuthenticationConstants.cs

@@ -74,6 +74,11 @@ public static class ClaimNames
             /// </summary>
             public const string PrimaryEmail = "http://schemes.superoffice.net/identity/so_primary_email_address";
 
+            /// <summary>
+            /// Subject Identifier used to uniquely identify the user.
+            /// </summary>
+            public const string SubjectIdentifier = "sub";
+
             /// <summary>
             /// Identifier used to exchange for a system user ticket.
             /// </summary>

src/AspNet.Security.OAuth.SuperOffice/SuperOfficeAuthenticationHandler.cs

@@ -105,6 +105,12 @@ private async Task<string> ProcessIdTokenAndGetContactIdentifierAsync(
                     contextIdentifier = claim.Value;
                 }
 
+                if (claim.Type == SuperOfficeAuthenticationConstants.ClaimNames.SubjectIdentifier)
+                {
+                    identity.AddClaim(new Claim(ClaimTypes.NameIdentifier, claim.Value));
+                    continue;
+                }
+
                 if (Options.IncludeIdTokenAsClaims)
                 {
                     // May be possible same claim names from UserInformationEndpoint and IdToken.

src/AspNet.Security.OAuth.SuperOffice/SuperOfficeAuthenticationOptions.cs

@@ -34,6 +34,7 @@ public SuperOfficeAuthenticationOptions()
             Scope.Add("openid");
 
             ClaimActions.MapJsonKey(ClaimTypes.Name, PrincipalNames.FullName);
+            ClaimActions.MapJsonKey(ClaimTypes.Email, PrincipalNames.EmailAddress);
 
             ClaimActions.MapJsonKey(ClaimNames.AssociateId, PrincipalNames.AssociateId);
             ClaimActions.MapJsonKey(ClaimNames.Email, PrincipalNames.EmailAddress);

test/AspNet.Security.OAuth.Providers.Tests/SuperOffice/SuperOfficeTests.cs

@@ -6,6 +6,7 @@
 
 using System;
 using System.IdentityModel.Tokens.Jwt;
+using System.Security.Claims;
 using System.Threading.Tasks;
 using Microsoft.AspNetCore.Authentication;
 using Microsoft.Extensions.DependencyInjection;
@@ -40,6 +41,8 @@ protected internal override void RegisterAuthentication(AuthenticationBuilder bu
         }
 
         [Theory]
+        [InlineData(ClaimTypes.NameIdentifier, "[email protected]")]
+        [InlineData(ClaimTypes.Email, "[email protected]")]
         [InlineData(SuperOfficeAuthenticationConstants.PrincipalNames.BusinessId, "4")]
         [InlineData(SuperOfficeAuthenticationConstants.PrincipalNames.CategoryId, "4")]
         [InlineData(SuperOfficeAuthenticationConstants.PrincipalNames.ContactId, "2")]

test/AspNet.Security.OAuth.Providers.Tests/SuperOffice/bundle.json

@@ -23,6 +23,7 @@
         "ContactId": 2,
         "CountryId": 826,
         "DatabaseContextIdentifier": "Cust12345",
+        "EMailAddress": "[email protected]",
         "FunctionRights": [ "allow-bulk-export" ],
         "GroupId": 2,
         "HomeCountryId": 826,