身份服务器4在不使用个人资料的情

时间:2017-08-15 00:17:03

标签: identityserver4

如何配置Identity Server Core以在混合流程中传递用户电子邮件,而不包括“个人资料”身份资源?

我希望我的服务器知道有关用户的最少信息,因此我只需要用户的电子邮件来创建帐户。我的同意仅是要求用户授权所需的身份证和电子邮件。

我正在使用实体框架Stores来持久保存数据+ Asp.net Core Identity以进行用户管理。我从下面显示的Config中填充数据库。

这是我到目前为止所做的,但我没有收到用户使用用户电子邮件的声明。我虽然收到了“sid”。

public class Config
{
    // scopes define the resources in your system
    public static IEnumerable<IdentityResource> GetIdentityResources()
    {

        return new List<IdentityResource>
        {
            new IdentityResources.OpenId(),
            new IdentityResources.Email
            {
                Required = true
            }
        };
    }


    // clients want to access resources (aka scopes)
    public static IEnumerable<Client> GetClients()
    {
             new Client
            {
                ClientId = "MyClient",
                ClientName = "MyClient",
                AllowedGrantTypes = GrantTypes.HybridAndClientCredentials,

                RequireConsent = true,

                ClientSecrets =
                {
                    new Secret("secret".Sha256())
                },

                RedirectUris = { "http://localhost:27919/signin-oidc" },
                PostLogoutRedirectUris = { "http://localhost:27919" },

                AllowedScopes =
                {
                    IdentityServerConstants.StandardScopes.OpenId,
                    IdentityServerConstants.StandardScopes.Email
                },
                AllowOfflineAccess = true
            }



        };
    }
}

在客户端,我正在做:

// middleware for external openid connect authentication
        var options = new OpenIdConnectOptions
        {
            SignInScheme = "Identity.External",
            SignOutScheme = "Identity",

            DisplayName = "MyClient",
            Authority = Constants.AuthServer.BaseUrl,

            ClientId = "MyClient",
            ClientSecret = "secret",

            ResponseType = "code id_token",

            //Scopes are entered below, outside this constructor

            GetClaimsFromUserInfoEndpoint = true,


            RequireHttpsMetadata = false   //TODO: make true, it is false for development only


        };
        //Adding Scopes
        options.Scope.Clear();
        options.Scope.Add("openid");
        options.Scope.Add("email");
        app.UseOpenIdConnectAuthentication(options);

1 个答案:

答案 0 :(得分:0)

我发现在与Asp.net Identity相对应的帐户控制器中,必须在创建用户时创建电子邮件声明,因此请添加:

BASE_URL = 'https://www.census.gov/data/tables/2016/demo/popest/state-total.html'

all_links = soup.find_all('a')

def clean_links(tags, base_url):
    cleaned_links = set()
    for tag in tags:
        link = tag.get('href')
        if link is None:
            continue
        if link.endswith('/') or link.endswith('#'):
            link = link[-1]
        full_url = urllib.parse.urljoin(base_url, link)
        cleaned_links.add(full_url)
    return cleaned_links

cleaned_links = clean_links(all_links, BASE_URL)

for link in cleaned_links:
    f.write(str(link) + '\n')
每次创建用户后

 user.Claims.Add(new IdentityUserClaim<string>
            {
                ClaimType = "email",
                ClaimValue = model.Email
            });
相关问题
最新问题