我尝试使用其用户名和密码对用户进行身份验证。我想在响应中检索JWT并在其中找到他的权限(存储在app_metadata中)。
但返回的id_token不包含user_metadata或app_metadata。
我尝试使用Java驱动程序和HTTP调用。
Java:
AuthAPI auth = new AuthAPI("my-domain.auth0.com", "my_client_id", "my_secret_id");
AuthRequest request = auth.login(username, password)
.setScope("openid app_metadata user_metadata");
try {
TokenHolder holder = request.execute();
return holder;
} catch (Auth0Exception e) {
throw new AuthentException("Error authenticating " + username, e);
}
HTTP:
final String req = "{"
+ "\"username\":\"test@domain.com\","
+ "\"password\":\"test\","
+ "\"scope\":\"openid app_metadata user_metadata\","
+ "\"client_id\":\"my_client_id\","
+ "\"client_secret\":\"my_secret_id\","
+ "\"grant_type\":\"password\""
+ "}";
RestTemplate template = new RestTemplate();
HttpHeaders headers = new HttpHeaders();
headers.setContentType(MediaType.APPLICATION_JSON);
HttpEntity<String> entity = new HttpEntity<>(req, headers);
ResponseEntity<String> response = template.exchange("https://my-domain.auth0.com/oauth/token", HttpMethod.POST, entity, String.class);
返回的id_token仅包含:
{
"email": "test@domain.com",
"email_verified": true,
"iss": "https://my-domain.auth0.com/",
"sub": "auth0|xxx",
"aud": "my_client_id",
"exp": 1497744462,
"iat": 1495116462
}
我尝试添加规则:
function (user, context, callback) {
var namespace = 'https://my-domain.auth0.com/';
if (context.idToken && user.user_metadata) {
context.idToken[namespace + 'user_metadata'] = user.user_metadata;
}
if (context.idToken && user.app_metadata) {
context.idToken[namespace + 'app_metadata'] = user.app_metadata;
}
callback(null, user, context);
}
还有一个钩子:
module.exports = function(client, scope, audience, context, cb) {
var access_token = {};
access_token.scope = scope;
access_token.scope.push('user_profile');
cb(null, access_token);
};
但没有任何内容将元数据添加到id_token。
我如何检索这些元数据?
感谢。
答案 0 :(得分:1)
我发现/ oauth / ro端点正在运行:https://auth0.com/docs/api/authentication#resource-owner
final String req = "{"
+ "\"username\":\"ambre@domain.com\","
+ "\"password\":\"test\","
+ "\"scope\":\"" + settings.getScope() + "\","
+ "\"connection\":\"Username-Password-Authentication\","
+ "\"client_id\":\"" + settings.getClientId() + "\","
+ "\"grant_type\":\"password\""
+ "}";
RestTemplate template = new RestTemplate();
HttpHeaders headers = new HttpHeaders();
headers.setContentType(MediaType.APPLICATION_JSON);
HttpEntity<String> entity = new HttpEntity<>(req, headers);
ResponseEntity<String> response = template.exchange("https://my-domain.auth0.com/oauth/ro", HttpMethod.POST, entity, String.class);
但是我找不到java驱动程序1.0.0中的等价物