feat: Convert RolesClaimTransformationSource to flags to allow for co…

…mbining sources, add "All" flag for convience.

src/Keycloak.AuthServices.Authorization/Claims/KeycloakRolesClaimsTransformation.cs

@@ -70,7 +70,7 @@ public Task<ClaimsPrincipal> TransformAsync(ClaimsPrincipal principal)
 
         var result = principal.Clone();
 
-        if (this.roleSource == RolesClaimTransformationSource.ResourceAccess)
+        if (this.roleSource.HasFlag(RolesClaimTransformationSource.ResourceAccess))
         {
             var resourceAccessValue = principal.FindFirst("resource_access")?.Value;
             if (string.IsNullOrWhiteSpace(resourceAccessValue))
@@ -107,11 +107,9 @@ out var rolesElement
                     identity.AddClaim(new Claim(this.roleClaimType, value));
                 }
             }
-
-            return Task.FromResult(result);
         }
 
-        if (this.roleSource == RolesClaimTransformationSource.Realm)
+        if (this.roleSource.HasFlag(RolesClaimTransformationSource.Realm))
         {
             var realmAccessValue = principal.FindFirst("realm_access")?.Value;
             if (string.IsNullOrWhiteSpace(realmAccessValue))
@@ -144,8 +142,6 @@ out var rolesElement
                         identity.AddClaim(new Claim(this.roleClaimType, value));
                     }
                 }
-
-                return Task.FromResult(result);
             }
         }
 

src/Keycloak.AuthServices.Authorization/KeycloakAuthorizationOptions.cs

@@ -32,20 +32,26 @@ public class KeycloakAuthorizationOptions : KeycloakInstallationOptions
 /// <summary>
 /// RolesClaimTransformationSource
 /// </summary>
+[Flags]
 public enum RolesClaimTransformationSource
 {
     /// <summary>
     /// Specifies that no transformation should be applied from the source.
     /// </summary>
-    None,
+    None = 0,
 
     /// <summary>
     /// Specifies that transformation should be applied to the realm.
     /// </summary>
-    Realm,
+    Realm = 1 << 0,
 
     /// <summary>
     /// Specifies that transformation should be applied to the resource access.
     /// </summary>
-    ResourceAccess
+    ResourceAccess = 1 << 1,
+
+    /// <summary>
+    /// Specifies that transformation should be applied to all sources.
+    /// </summary>
+    All = Realm | ResourceAccess
 }

tests/Keycloak.AuthServices.Authorization.Tests/Claims/KeycloakRolesClaimsTransformationTests.cs

@@ -10,6 +10,7 @@ public class KeycloakRolesClaimsTransformationTests
     [Theory]
     [InlineData(RolesClaimTransformationSource.Realm)]
     [InlineData(RolesClaimTransformationSource.ResourceAccess)]
+    [InlineData(RolesClaimTransformationSource.All)]
     public async Task ClaimsTransformationShouldMap(RolesClaimTransformationSource roleSource)
     {
         var target = new KeycloakRolesClaimsTransformation(ClaimTypes.Role, roleSource, ClientId);
@@ -25,6 +26,20 @@ public async Task ClaimsTransformationShouldMap(RolesClaimTransformationSource r
         }
     }
 
+    [Fact]
+    public async Task ClaimsTransformationShouldHandleNoneSource()
+    {
+        var target = new KeycloakRolesClaimsTransformation(
+            ClaimTypes.Role,
+            RolesClaimTransformationSource.None,
+            ClientId
+        );
+        var claimsPrincipal = GetClaimsPrincipal(MyRealmClaimValue, MyResourceClaimValue);
+
+        claimsPrincipal = await target.TransformAsync(claimsPrincipal);
+        claimsPrincipal.Claims.Count(item => ClaimTypes.Role == item.Type).Should().Be(0);
+    }
+
     [Fact]
     public async Task ClaimsTransformationShouldHandleMissingResourceClaim()
     {