我正在阅读getting started guide of identityserver3并且它提到了开放ID配置端点:
同一性/。好知/ OpenID的配置
将列出您的范围。 在他们的例子中,它列出了:
在我的应用程序中,我创建了一个名为 api 的范围,当我创建客户端时,我将 AllowAccessToAllScopes 设置为true,但是当转到openid配置端点我得到了这个:
{
"issuer":"https://localhost:44313",
"jwks_uri":"https://localhost:44313/identity/.well-known/jwks",
"authorization_endpoint":"https://localhost:44313/identity/connect/authorize",
"token_endpoint":"https://localhost:44313/identity/connect/token",
"userinfo_endpoint":"https://localhost:44313/identity/connect/userinfo",
"end_session_endpoint":"https://localhost:44313/identity/connect/endsession",
"check_session_iframe":"https://localhost:44313/identity/connect/checksession",
"revocation_endpoint":"https://localhost:44313/identity/connect/revocation",
"introspection_endpoint":"https://localhost:44313/identity/connect/introspect",
"frontchannel_logout_supported":true,
"frontchannel_logout_session_supported":true,
"scopes_supported":[
"api"
],
"claims_supported":[
],
"response_types_supported":[
"code",
"token",
"id_token",
"id_token token",
"code id_token",
"code token",
"code id_token token"
],
"response_modes_supported":[
"form_post",
"query",
"fragment"
],
"grant_types_supported":[
"authorization_code",
"client_credentials",
"password",
"refresh_token",
"implicit"
],
"subject_types_supported":[
"public"
],
"id_token_signing_alg_values_supported":[
"RS256"
],
"code_challenge_methods_supported":[
"plain",
"S256"
],
"token_endpoint_auth_methods_supported":[
"client_secret_post",
"client_secret_basic"
]
}
如您所见,只支持一个范围。 有谁知道为什么?或者我如何在那里获得所有范围?
答案 0 :(得分:0)
我想出来了。如果您查看我提供的链接,内存中的第一个示例使用 StandardScopes.All 。我在存储库中查看了它,并查看了它添加的范围列表。我决定更改我的 ScopeStore 并添加这些范围,如下所示:
public class ScopeStore: IScopeStore
{
private readonly DbContext _context;
public ScopeStore(DbContext context)
{
_context = context;
}
public async Task<IEnumerable<IdentityServer3.Core.Models.Scope>> FindScopesAsync(IEnumerable<string> scopeNames)
{
var models = await List().Where(m => scopeNames.Contains(m.Name)).ToListAsync();
return AddStandardScopes(models);
}
public async Task<IEnumerable<IdentityServer3.Core.Models.Scope>> GetScopesAsync(bool publicOnly = true)
{
var models = await List(publicOnly).ToListAsync();
return AddStandardScopes(models);
}
/// <summary>
/// Gets a list of Scopes
/// </summary>
/// <param name="publicOnly">A boolean to show public scopes or not</param>
/// <returns>The matched Scopes</returns>
public IQueryable<IdentityServer3.EntityFramework.Entities.Scope> List(bool publicOnly = true, params string[] includes)
{
var models = _context.Set<IdentityServer3.EntityFramework.Entities.Scope>();
if (publicOnly)
return models.Where(m => m.ShowInDiscoveryDocument);
return models;
}
private IEnumerable<IdentityServer3.Core.Models.Scope> AddStandardScopes(IEnumerable<IdentityServer3.EntityFramework.Entities.Scope> scopes)
{
var models = scopes.Select(m => m.ToModel()).ToList();
models.AddRange(StandardScopes.All.ToList());
return models;
}
}
一旦我这样做,当我回到我的配置页面时,列出了所有范围,我终于可以得到我的用户信息。