IdentityServer and access token claims

Posted: 2017-05-03 18:54:43

Tags: identityserver3 identityserver4

I'm using IdentityServer3 with Windows authentication and adding claims to the user's token. I noticed that GetProfileDataAsync is called twice: once with the caller "ClaimsProviderAccessToken", which has no requested claims at all, and once with "ClaimsProviderIdentityToken" as the caller. How do I get RequestedClaimTypes such as Role, Email etc. in "ClaimsProviderAccessToken"?

public override Task GetProfileDataAsync(ProfileDataRequestContext context)
{
    // Look up the user by the "sub" claim of the authenticated principal.
    var user = Users.SingleOrDefault(x => x.Subject == context.Subject.GetSubjectId());

    // Issue only the claim types IdentityServer asked for (context.Caller is
    // "ClaimsProviderAccessToken" or "ClaimsProviderIdentityToken").
    if (user != null && context.RequestedClaimTypes != null)
    {
        context.IssuedClaims = user.Claims.Where(x => context.RequestedClaimTypes.Contains(x.Type));
    }

    // NOTE: Uncomment and all the claims I need are in the access token ?? Comment out and no claims in the access token ??
    //context.IssuedClaims = user.Claims;

    return Task.FromResult(0);
}

Here is my scope definition, which requests the claims for the access token:

new Scope
{
    Name = "api",
    Enabled = true,
    DisplayName = "Sample API",
    Description = "Access to a simple API",
    Type = ScopeType.Resource,

    // Puts every claim of the user into the access token, regardless of the Claims list below.
    IncludeAllClaimsForUser = true,

    // Claim types expected to show up in RequestedClaimTypes for this scope.
    Claims = new List<ScopeClaim>
    {
        new ScopeClaim(Constants.ClaimTypes.Name),
        new ScopeClaim(Constants.ClaimTypes.Role),
        new ScopeClaim(Constants.ClaimTypes.Email),
    },

    // Secret the API uses when validating tokens at the introspection endpoint.
    ScopeSecrets = new List<Secret>
    {
        new Secret("api-secret".Sha256())
    }
}

Am I missing something, or should I just set context.IssuedClaims to user.Claims, or should I go through RequestedClaimTypes? I'm honestly a bit lost trying to figure out how this works, and I'm not sure whether setting context.IssuedClaims = user.Claims is right, although it looks like the behaviour I need???

1 answer:

Answer 0 (score: 0)

I actually found the answer: setting IncludeAllClaimsForUser = true clears the requested claims. Once I removed it, context.RequestedClaimTypes is no longer null when the access token is requested.
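The following is an added example, not code from the question or the answer above. It puts the two scope variants side by side (the one from the question with IncludeAllClaimsForUser = true, and a least-privilege one that relies on the explicit Claims list) and shows a user service that handles both GetProfileDataAsync callers and fails closed when RequestedClaimTypes is null or empty. Assumptions: the service derives from IdentityServer3's UserServiceBase, the caller strings are the two named in the question, and the user "818727" with its claims is constructed sample data, not a real store.

```csharp
using System;
using System.Collections.Generic;
using System.Linq;
using System.Security.Claims;
using System.Threading.Tasks;
using IdentityServer3.Core;
using IdentityServer3.Core.Extensions;   // GetSubjectId(), Sha256()
using IdentityServer3.Core.Models;
using IdentityServer3.Core.Services;     // UserServiceBase (assumed base class)

public static class ApiScopes
{
    // The scope from the question. IncludeAllClaimsForUser = true hands every user
    // claim to the API and leaves RequestedClaimTypes empty for the access-token call,
    // so the explicit Claims list below never takes effect.
    public static Scope OverSharing()
    {
        return new Scope
        {
            Name = "api",
            Enabled = true,
            DisplayName = "Sample API",
            Type = ScopeType.Resource,
            IncludeAllClaimsForUser = true,
            Claims = new List<ScopeClaim>
            {
                new ScopeClaim(Constants.ClaimTypes.Name),
                new ScopeClaim(Constants.ClaimTypes.Role),
                new ScopeClaim(Constants.ClaimTypes.Email),
            },
            ScopeSecrets = new List<Secret> { new Secret("api-secret".Sha256()) }
        };
    }

    // Least-privilege variant: only name, role and email are requested for the
    // access token, and they arrive in context.RequestedClaimTypes.
    public static Scope Explicit()
    {
        var scope = OverSharing();
        scope.IncludeAllClaimsForUser = false;
        return scope;
    }
}

public class ProfileUserService : UserServiceBase
{
    private const string AccessTokenCaller = "ClaimsProviderAccessToken";
    private const string IdentityTokenCaller = "ClaimsProviderIdentityToken";

    // Constructed sample data for this example; a real service reads its user store.
    private static readonly Dictionary<string, Claim[]> Users = new Dictionary<string, Claim[]>
    {
        {
            "818727", new[]
            {
                new Claim(Constants.ClaimTypes.Name, "Alice Smith"),
                new Claim(Constants.ClaimTypes.Email, "alice@example.com"),
                new Claim(Constants.ClaimTypes.Role, "admin"),
                // Never listed in any scope, so it must never reach a token.
                new Claim("internal_note", "not for tokens"),
            }
        }
    };

    public override Task GetProfileDataAsync(ProfileDataRequestContext context)
    {
        Claim[] userClaims;
        if (!Users.TryGetValue(context.Subject.GetSubjectId(), out userClaims))
        {
            context.IssuedClaims = Enumerable.Empty<Claim>();
            return Task.FromResult(0);
        }

        // Both callers land here: once for the identity token, once for the access token.
        bool knownCaller = context.Caller == AccessTokenCaller || context.Caller == IdentityTokenCaller;

        // Null (the symptom reported with IncludeAllClaimsForUser = true) or empty means
        // nothing was requested by type. Fail closed: issue nothing rather than everything.
        var requested = (context.RequestedClaimTypes ?? Enumerable.Empty<string>()).ToList();
        if (!knownCaller || requested.Count == 0)
        {
            context.IssuedClaims = Enumerable.Empty<Claim>();
            return Task.FromResult(0);
        }

        // Issue exactly the requested types; "internal_note" is filtered out here.
        context.IssuedClaims = userClaims
            .Where(c => requested.Contains(c.Type, StringComparer.Ordinal))
            .ToList();
        return Task.FromResult(0);
    }
}
```

With ApiScopes.Explicit() registered instead of the original scope, the access-token call arrives with name, role and email in RequestedClaimTypes and the service issues just those three; the unlisted "internal_note" claim stays out of the token. Assigning user.Claims wholesale, as the commented-out line in the question does, would have pushed it into every access token.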