角色不通过IdentityServer4在令牌中

时间:2017-04-05 16:37:54

标签: openid-connect identityserver4

我使用IdentityServer4对我的内部应用进行身份验证。我有一个服务,我在我的GrantValidator内部调用验证用户名和密码。该服务返回用户的角色列表

    public async Task ValidateAsync(ResourceOwnerPasswordValidationContext context)
    {


        var loginResponse = await loginService.ValidateCreds(context.UserName, context.Password)

        if (loginResponse.Success)
        {
            var roleClaims = loginResponse.Roles?.Select(x => new Claim(ClaimTypes.Role, x)) ?? Enumerable.Empty<Claim>();
            // The claims argument doesn't seem to do anything!
            context.Result = new GrantValidationResult(loginResponse.UserId, "password", roleClaims);
        }
        else
            context.Result = new GrantValidationResult(TokenRequestErrors.InvalidClient, "Invalid Credentials");
    }

返回的令牌:

{
  "nbf": 1491409664,
  "exp": 1491413264,
  "iss": "http://localhost:5000",
  "aud": [
    "http://localhost:5000/resources",
    "redacted"
  ],
  "client_id": "localhost",
  "sub": "nouser_222222222|1234567",
  "auth_time": 1491409634,
  "idp": "local",
  "clientid": "dfc962d7-c731-4d42-b0c8-bec766dc7813",
  "scope": [
    "profile",
    "redacted"
  ],
  "amr": [
    "password"
  ]
}

1 个答案:

答案 0 :(得分:1)

个人资料服务负责将声明置于令牌中。实施IProfileService并在DI中注册。

在那里,您可以访问资源所有者验证程序放入主题的声明,然后可以通过将它们放在IssuedClaims集合上来发出它们。