我们已经安装了IdentityServer4,并且已经基于HybridFlow和Javascript快速入门创建了客户端应用程序。 ID服务器使用AspNetIdentity,而我对如何访问不是声明的用户属性感到困惑,例如客户端上的“ AspNetUser> TwoFactorEnabled”。我可以使用Sub声明来查找它们,但不想在每次页面访问时都进行数据库往返。
我的OpenIdConnectAuthenticationOptions对象已定义了这些范围
Scope = "api1 openid profile read write offline_access active_dir email"
IDS4可以返回“ TwoFactorEnabled”作为声明吗,还是我缺少简单的东西?这是我们的某些startup.cs代码的样子:
app.UseOpenIdConnectAuthentication(new OpenIdConnectAuthenticationOptions
{
ClientId = "fake clientid",
ClientSecret = "fake secret",
Authority = _AuthConfig["BaseAddress"],
RedirectUri = _AuthConfig["ThisSiteBaseUrl"] + "/signin-oidc",
PostLogoutRedirectUri = _AuthConfig["ThisSiteBaseUrl"] + "/Home/SignOutCallback",
ResponseType = "code id_token",
Scope = "api1 openid profile read write offline_access active_dir email",
RequireHttpsMetadata = false,
TokenValidationParameters = new TokenValidationParameters()
{
NameClaimType = "name",
RoleClaimType = "role"
},
SignInAsAuthenticationType = "Cookies",
Notifications = new OpenIdConnectAuthenticationNotifications
{
AuthorizationCodeReceived = async n =>
{
// use the code to get the access and refresh token
var tokenClient = new TokenClient(
_AuthConfig["TokenEndpoint"],
"fake clientid",
"fake secret");
var tokenResponse = await tokenClient.RequestAuthorizationCodeAsync(
n.Code, n.RedirectUri);
if (tokenResponse.IsError)
{
throw new Exception(tokenResponse.Error);
}
// use the access token to retrieve claims from userinfo
var userInfoClient = new UserInfoClient( (new Uri(_AuthConfig["UserInfoEndpoint"])).ToString() );
var userInfoResponse = await userInfoClient.GetAsync(tokenResponse.AccessToken);
// create new identity
var id = new ClaimsIdentity(n.AuthenticationTicket.Identity.AuthenticationType);
id.AddClaims(userInfoResponse.Claims);
id.AddClaim(new Claim("access_token", tokenResponse.AccessToken));
: