Question

我正在阅读getting started guide of identityserver3并且它提到了开放ID配置端点：

同一性/。好知/ OpenID的配置

将列出您的范围。在他们的例子中，它列出了：

的OpenID
简档
电子邮件
电话
地址

在我的应用程序中，我创建了一个名为 api 的范围，当我创建客户端时，我将 AllowAccessToAllScopes 设置为true，但是当转到openid配置端点我得到了这个：

{  
   "issuer":"https://localhost:44313",
   "jwks_uri":"https://localhost:44313/identity/.well-known/jwks",
   "authorization_endpoint":"https://localhost:44313/identity/connect/authorize",
   "token_endpoint":"https://localhost:44313/identity/connect/token",
   "userinfo_endpoint":"https://localhost:44313/identity/connect/userinfo",
   "end_session_endpoint":"https://localhost:44313/identity/connect/endsession",
   "check_session_iframe":"https://localhost:44313/identity/connect/checksession",
   "revocation_endpoint":"https://localhost:44313/identity/connect/revocation",
   "introspection_endpoint":"https://localhost:44313/identity/connect/introspect",
   "frontchannel_logout_supported":true,
   "frontchannel_logout_session_supported":true,
   "scopes_supported":[  
      "api"
   ],
   "claims_supported":[  

   ],
   "response_types_supported":[  
      "code",
      "token",
      "id_token",
      "id_token token",
      "code id_token",
      "code token",
      "code id_token token"
   ],
   "response_modes_supported":[  
      "form_post",
      "query",
      "fragment"
   ],
   "grant_types_supported":[  
      "authorization_code",
      "client_credentials",
      "password",
      "refresh_token",
      "implicit"
   ],
   "subject_types_supported":[  
      "public"
   ],
   "id_token_signing_alg_values_supported":[  
      "RS256"
   ],
   "code_challenge_methods_supported":[  
      "plain",
      "S256"
   ],
   "token_endpoint_auth_methods_supported":[  
      "client_secret_post",
      "client_secret_basic"
   ]
}

如您所见，只支持一个范围。有谁知道为什么？或者我如何在那里获得所有范围？

Answer 1

我想出来了。如果您查看我提供的链接，内存中的第一个示例使用 StandardScopes.All 。我在存储库中查看了它，并查看了它添加的范围列表。我决定更改我的 ScopeStore 并添加这些范围，如下所示：

public class ScopeStore: IScopeStore
{
    private readonly DbContext _context;

    public ScopeStore(DbContext context)
    {
        _context = context;
    }

    public async Task<IEnumerable<IdentityServer3.Core.Models.Scope>> FindScopesAsync(IEnumerable<string> scopeNames)
    {
        var models = await List().Where(m => scopeNames.Contains(m.Name)).ToListAsync();
        return AddStandardScopes(models);
    }

    public async Task<IEnumerable<IdentityServer3.Core.Models.Scope>> GetScopesAsync(bool publicOnly = true)
    {
        var models = await List(publicOnly).ToListAsync();
        return AddStandardScopes(models);
    }

    /// <summary>
    /// Gets a list of Scopes
    /// </summary>
    /// <param name="publicOnly">A boolean to show public scopes or not</param>
    /// <returns>The matched Scopes</returns>
    public IQueryable<IdentityServer3.EntityFramework.Entities.Scope> List(bool publicOnly = true, params string[] includes)
    {
        var models = _context.Set<IdentityServer3.EntityFramework.Entities.Scope>();

        if (publicOnly)
            return models.Where(m => m.ShowInDiscoveryDocument);

        return models;
    }

    private IEnumerable<IdentityServer3.Core.Models.Scope> AddStandardScopes(IEnumerable<IdentityServer3.EntityFramework.Entities.Scope> scopes)
    {
        var models = scopes.Select(m => m.ToModel()).ToList();
        models.AddRange(StandardScopes.All.ToList());
        return models;
    }
}

一旦我这样做，当我回到我的配置页面时，列出了所有范围，我终于可以得到我的用户信息。

identityserver3 openid配置未显示所有范围

1 个答案: