Identity Server and access token claims

Problem description:

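I am using Identity Server 3 with Windows authentication and adding claims to the user's token. I noticed that GetProfileDataAsync is called twice: once with the caller "ClaimsProviderAccessToken", which doesn't have any requested claims, and once with the caller "ClaimsProviderIdentityToken", which does have the claims. How do I get the RequestedClaimTypes, such as role, email, or anything else, in "ClaimsProviderAccessToken"?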

public override Task GetProfileDataAsync(ProfileDataRequestContext context)
{
    // issue the claims for the user
    var user = Users.SingleOrDefault(x => x.Subject == context.Subject.GetSubjectId());
    if (user != null && context.RequestedClaimTypes != null)
    {
        context.IssuedClaims = user.Claims.Where(x => context.RequestedClaimTypes.Contains(x.Type));
    }
    //NOTE: Uncomment and all the claims I need are in access token ?? Comment out and no claims in Access Token ??
    //context.IssuedClaims = user.Claims;

    return Task.FromResult(0);
}

Here are my scope requirements, which request that the claims be in the access token:

new Scope
{
    Name = "api",
    Enabled = true,
    DisplayName = "Sample API",
    Description = "Access to a simple API",
    Type = ScopeType.Resource,
    IncludeAllClaimsForUser = true,

    Claims = new List<ScopeClaim>
    {
        new ScopeClaim(Constants.ClaimTypes.Name),
        new ScopeClaim(Constants.ClaimTypes.Role),
        new ScopeClaim(Constants.ClaimTypes.Email),
    },

    ScopeSecrets = new List<Secret>
    {
        new Secret("api-secret".Sha256())
    }
}

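Am I missing something, or is it correct to just set context.IssuedClaims to user.Claims, or should I filter by RequestedClaimTypes? I am really a bit lost trying to figure out how this works, and I'm not sure about setting context.IssuedClaims = user.Claims, although this seems like the behavior I need?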

I actually found the answer: IncludeAllClaimsForUser = true was clearing out the claims. Once it was removed, context.RequestedClaimsTypes was not null when requesting the access token.
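
The choice the question raises (issue user.Claims wholesale, or filter by the requested claim types), shown as an added stand-alone example that is not part of the original post or of IdentityServer3. SelectClaims, ApiAllowList and the sample user are hypothetical; the literal claim type strings are assumed to match the scope's Name, Role and Email entries.

```csharp
using System;
using System.Collections.Generic;
using System.Linq;
using System.Security.Claims;

static class ClaimFilterDemo
{
    // Hypothetical ceiling: the only claim types this API's tokens may carry.
    // Assumed to mirror the Name, Role and Email ScopeClaims of the "api" scope.
    static readonly HashSet<string> ApiAllowList =
        new HashSet<string> { "name", "role", "email" };

    // requested == null models the access-token call described in the question,
    // where no claim types were requested.
    static List<Claim> SelectClaims(IEnumerable<Claim> userClaims,
                                    IEnumerable<string> requested)
    {
        // No explicit request: fall back to the allow-list, never to "everything".
        // Explicit request: honour it, but only inside the allow-list.
        HashSet<string> wanted = requested == null
            ? ApiAllowList
            : new HashSet<string>(requested.Where(t => ApiAllowList.Contains(t)));
        return userClaims.Where(c => wanted.Contains(c.Type)).ToList();
    }

    static void Main()
    {
        // Constructed sample user; "employee_id" stands for data the API does not need.
        var user = new List<Claim>
        {
            new Claim("name", "alice"),
            new Claim("role", "admin"),
            new Claim("email", "alice@example.com"),
            new Claim("employee_id", "E-1001"),
        };

        Print("IssuedClaims = user.Claims", user);   // over-issues employee_id
        Print("requested = null", SelectClaims(user, null));
        Print("requested = name, role", SelectClaims(user, new[] { "name", "role" }));
        Print("requested = role, employee_id",
              SelectClaims(user, new[] { "role", "employee_id" }));
    }

    static void Print(string label, IEnumerable<Claim> claims)
    {
        Console.WriteLine(label + " -> " + string.Join(", ", claims.Select(c => c.Type)));
    }
}
```

Inside a profile service, the list returned by SelectClaims is what would be assigned to context.IssuedClaims in place of user.Claims.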