Support for actor claim type

[matiii]

Hi,

Could you provide similar support for actors as AddJwtBearer handler does ?

[leastprivilege]

I need more details.

[matiii]

Based on actort claim, lib should create Actor ClaimIdentity. Docs below https://docs.microsoft.com/en-us/dotnet/api/system.security.claims.claimsidentity.actor?view=netcore-3.1 https://docs.microsoft.com/en-us/dotnet/api/system.security.claims.claimtypes.actor?view=netcore-3.1

My custom implementation

.AddOAuth2Introspection("introspection", o => {;
                o.Events.OnCreatingTicket = principal => {
                    var actor = principal?.Claims.FirstOrDefault(x => x.Type == "actort");

                    if (actor != null)
                    {
                        var handler = new JwtSecurityTokenHandler();
                        var actorToken = handler.ReadJwtToken(actor.Value);

                        if (actorToken != null)
                        {
                            principal.Identities.First().Actor = new ClaimsIdentity(actorToken.Claims);
                        }
                    }

                    return Task.CompletedTask;
                };

            });

[leastprivilege]

Hey,

sorry this has been sitting here for a long time...

couple of questions -

• where does the actort claim type come from - the closest I could think of is act from the token exchange spec
• your assumption seems to be that there is a JWT on that claim - who produces this?

thanks

[matiii]

Hi sorry, for late replying

Ad.1 Yep, i think act is the closest to actort, however I suspect abbreavation means actor token Ad.2 I produce it on my custom grant type flow