Add an OpenIddict sample and update the readme file.

Author: SeanFarrow-RSK

OpenIddict/OpenIddictIdP/Areas/Identity/Pages/_ViewStart.cshtml

@@ -0,0 +1,3 @@
+@{
+    Layout = "/Views/Shared/_Layout.cshtml";
+}

OpenIddict/OpenIddictIdP/Controllers/AuthorizationController.cs

@@ -0,0 +1,33 @@
+/*
+ * Licensed under the Apache License, Version 2.0 (http://www.apache.org/licenses/LICENSE-2.0)
+ * See https://github.com/openiddict/openiddict-core for more information concerning
+ * the license and the contributors participating to this project.
+ */
+
+using Microsoft.AspNetCore;
+using Microsoft.AspNetCore.Mvc;
+using openiddictidp.ViewModels.Shared;
+
+namespace openiddictidp.Controllers;
+
+public class ErrorController : Controller
+{
+    [Route("error")]
+    [ResponseCache(Duration = 0, Location = ResponseCacheLocation.None, NoStore = true)]
+    public IActionResult Error()
+    {
+        // If the error was not caused by an invalid
+        // OIDC request, display a generic error page.
+        var response = HttpContext.GetOpenIddictServerResponse();
+        if (response == null)
+        {
+            return View(new ErrorViewModel());
+        }
+
+        return View(new ErrorViewModel
+        {
+            Error = response.Error,
+            ErrorDescription = response.ErrorDescription
+        });
+    }
+}

OpenIddict/OpenIddictIdP/Controllers/ErrorController.cs

@@ -0,0 +1,29 @@
+using Microsoft.AspNetCore.Mvc;
+using Microsoft.Extensions.Logging;
+
+namespace openiddictidp.Controllers;
+
+public class HomeController : Controller
+{
+    private readonly ILogger<HomeController> _logger;
+
+    public HomeController(ILogger<HomeController> logger)
+    {
+        _logger = logger;
+    }
+
+    public IActionResult Index()
+    {
+        return View();
+    }
+
+    public IActionResult Privacy()
+    {
+        return View();
+    }
+
+    public IActionResult Error()
+    {
+        return View();
+    }
+}

OpenIddict/OpenIddictIdP/Controllers/HomeController.cs

@@ -0,0 +1,43 @@
+using Microsoft.AspNetCore.Authentication;
+using Microsoft.AspNetCore.Authorization;
+using Microsoft.AspNetCore.Identity;
+using Microsoft.AspNetCore.Mvc;
+using OpenIddict.Abstractions;
+using OpenIddict.Validation.AspNetCore;
+using openiddictidp.Data;
+using System.Collections.Generic;
+using System.Threading.Tasks;
+using static OpenIddict.Abstractions.OpenIddictConstants;
+
+namespace openiddictidp.Controllers;
+
+[Route("api")]
+public class ResourceController : Controller
+{
+    private readonly UserManager<ApplicationUser> _userManager;
+
+    public ResourceController(UserManager<ApplicationUser> userManager)
+    {
+        _userManager = userManager;
+    }
+
+    [Authorize(AuthenticationSchemes = OpenIddictValidationAspNetCoreDefaults.AuthenticationScheme)]
+    [HttpGet("message")]
+    public async Task<IActionResult> GetMessage()
+    {
+        var user = await _userManager.FindByIdAsync(User.GetClaim(Claims.Subject));
+        if (user is null)
+        {
+            return Challenge(
+                authenticationSchemes: OpenIddictValidationAspNetCoreDefaults.AuthenticationScheme,
+                properties: new AuthenticationProperties(new Dictionary<string, string>
+                {
+                    [OpenIddictValidationAspNetCoreConstants.Properties.Error] = Errors.InvalidToken,
+                    [OpenIddictValidationAspNetCoreConstants.Properties.ErrorDescription] =
+                        "The specified access token is bound to an account that no longer exists."
+                }));
+        }
+
+        return Content($"{user.UserName} has been successfully authenticated.");
+}
+}

OpenIddict/OpenIddictIdP/Controllers/ResourceController.cs

@@ -0,0 +1,36 @@
+using Microsoft.AspNetCore.Authorization;
+using Microsoft.AspNetCore.Mvc;
+using Rsk.Saml.Services;
+using openiddictidp.ViewModels.Saml;
+using System;
+using System.Threading.Tasks;
+
+namespace openiddictidp.Controllers;
+
+[Authorize]
+public class SamlController : Controller
+{
+    private readonly ISamlInteractionService samlInteractionService;
+
+    public SamlController(ISamlInteractionService samlInteractionService)
+    {
+        this.samlInteractionService = samlInteractionService ?? throw new ArgumentNullException(nameof(samlInteractionService));
+    }
+
+    [HttpGet]
+    public async Task<IActionResult> IdpInitiatedSso()
+    {
+        var serviceProviders = await samlInteractionService.GetIdpInitiatedSsoCompatibleServiceProviders();
+        var vm = new IdpInitiatedSsoViewModel(serviceProviders);
+
+        return View("IdpInitiatedSso", vm);
+    }
+
+    [HttpPost]
+    public async Task ExecuteSpSso(string serviceProviderId)
+    {
+        var ssoResponse = await samlInteractionService.CreateIdpInitiatedSsoResponse(serviceProviderId);
+
+        await samlInteractionService.ExecuteIdpInitiatedSso(HttpContext, ssoResponse);
+    }
+}

OpenIddict/OpenIddictIdP/Controllers/SamlController.cs

@@ -0,0 +1,71 @@
+using Microsoft.AspNetCore.Authentication;
+using Microsoft.AspNetCore.Authorization;
+using Microsoft.AspNetCore.Identity;
+using Microsoft.AspNetCore.Mvc;
+using OpenIddict.Abstractions;
+using OpenIddict.Server.AspNetCore;
+using openiddictidp.Data;
+using System;
+using System.Collections.Generic;
+using System.Threading.Tasks;
+using static OpenIddict.Abstractions.OpenIddictConstants;
+
+namespace openiddictidp.Controllers;
+
+public class UserinfoController : Controller
+{
+    private readonly UserManager<ApplicationUser> _userManager;
+
+    public UserinfoController(UserManager<ApplicationUser> userManager)
+    {
+        _userManager = userManager;
+    }    
+
+
+    // GET: /api/userinfo
+    [Authorize(AuthenticationSchemes = OpenIddictServerAspNetCoreDefaults.AuthenticationScheme)]
+    [HttpGet("~/connect/userinfo"), HttpPost("~/connect/userinfo"), Produces("application/json")]
+    public async Task<IActionResult> Userinfo()
+    {
+        var user = await _userManager.FindByIdAsync(User.GetClaim(Claims.Subject));
+        if (user is null)
+        {
+            return Challenge(
+                authenticationSchemes: OpenIddictServerAspNetCoreDefaults.AuthenticationScheme,
+                properties: new AuthenticationProperties(new Dictionary<string, string>
+                {
+                    [OpenIddictServerAspNetCoreConstants.Properties.Error] = Errors.InvalidToken,
+                    [OpenIddictServerAspNetCoreConstants.Properties.ErrorDescription] =
+                        "The specified access token is bound to an account that no longer exists."
+                }));
+        }
+
+        var claims = new Dictionary<string, object>(StringComparer.Ordinal)
+        {
+            // Note: the "sub" claim is a mandatory claim and must be included in the JSON response.
+            [Claims.Subject] = await _userManager.GetUserIdAsync(user)
+        };
+
+        if (User.HasScope(Scopes.Email))
+        {
+            claims[Claims.Email] = await _userManager.GetEmailAsync(user);
+            claims[Claims.EmailVerified] = await _userManager.IsEmailConfirmedAsync(user);
+        }
+
+        if (User.HasScope(Scopes.Phone))
+        {
+            claims[Claims.PhoneNumber] = await _userManager.GetPhoneNumberAsync(user);
+            claims[Claims.PhoneNumberVerified] = await _userManager.IsPhoneNumberConfirmedAsync(user);
+        }
+
+        if (User.HasScope(Scopes.Roles))
+        {
+            claims[Claims.Role] = await _userManager.GetRolesAsync(user);
+        }
+
+        // Note: the complete list of standard claims supported by the OpenID Connect specification
+        // can be found here: http://openid.net/specs/openid-connect-core-1_0.html#StandardClaims
+
+        return Ok(claims);
+    }
+}

OpenIddict/OpenIddictIdP/Controllers/UserinfoController.cs

@@ -0,0 +1,10 @@
+using Microsoft.AspNetCore.Identity.EntityFrameworkCore;
+using Microsoft.EntityFrameworkCore;
+
+namespace openiddictidp.Data;
+
+public class ApplicationDbContext : IdentityDbContext<ApplicationUser>
+{
+    public ApplicationDbContext(DbContextOptions<ApplicationDbContext> options)
+        : base(options) { }
+}

OpenIddict/OpenIddictIdP/Data/ApplicationDbContext.cs

@@ -0,0 +1,6 @@
+using Microsoft.AspNetCore.Identity;
+
+namespace openiddictidp.Data;
+
+// Add profile data for application users by adding properties to the ApplicationUser class
+public class ApplicationUser : IdentityUser { }

OpenIddict/OpenIddictIdP/Data/ApplicationUser.cs

@@ -0,0 +1,30 @@
+using System;
+using System.Collections.Generic;
+using System.Threading.Tasks;
+
+namespace openiddictidp.Helpers;
+
+public static class AsyncEnumerableExtensions
+{
+    public static Task<List<T>> ToListAsync<T>(this IAsyncEnumerable<T> source)
+    {
+        if (source == null)
+        {
+            throw new ArgumentNullException(nameof(source));
+        }
+
+        return ExecuteAsync();
+
+        async Task<List<T>> ExecuteAsync()
+        {
+            var list = new List<T>();
+
+            await foreach (var element in source)
+            {
+                list.Add(element);
+            }
+
+            return list;
+        }
+    }
+}