Identity Server将角色声明添加到access_token

时间:2017-11-01 13:21:12

标签: .net-core identityserver4

我正在使用Identity Server 4和资源所有者方案。我成功获取了访问令牌。但是,我希望它也有这些说法。我在身份服务器实现上添加了角色声明。但我没有看到它在我的令牌中编码。 这是我的Api资源:

    {
    "_id": "SomeAPI",
    "Enabled": true,
    "DisplayName": "Some APII",
    "Description": null,
    "ApiSecrets": [],
    "UserClaims": [
        "role
    ],
    "Scopes": [
        {
            "Name": "SomeAPI",
            "DisplayName": "Some API,
            "Description": null,
            "Required": false,
            "Emphasize": false,
            "ShowInDiscoveryDocument": true,
            "UserClaims": [
                "role"
                ]
        }
    ]
}

这是我的客户:

  {
    "Enabled": true,
    "ClientSecrets": [
        {
            "Description": null,
            "Value": "-----",
            "Expiration": ----,
            "Type": "SharedSecret"
        }
    ],
    "ClientName": null,
    "ClientUri": null,
    "LogoUri": null,
    "RequireConsent": true,
    "AllowRememberConsent": true,
    "AllowOfflineAccess": true,
    "AccessTokenLifetime": 10000.0,
    "AllowedGrantTypes": [
        "password"
    ],
    "AllowedScopes": [
        "SomeAPI"
    ],
    "Claims": [],
    "AllowedCorsOrigins": []
}

我如何获得令牌:

 var result = await client.RequestResourceOwnerPasswordAsync(userName, password);

修改的: 我根据建议的答案更新了电话:

var result = await client.RequestResourceOwnerPasswordAsync(userName, password, "SomeAPI")

我还更新了客户端允许的角色范围'。现在我获得了所需的角色,但没有嵌套在声明之下,而是作为这种类型的数组:

"http://schemas.microsoft.com/ws/2008/06/identity/claims/role": [
"role1",
"role2"

],

1 个答案:

答案 0 :(得分:0)

您必须包含范围:

var result = await client.RequestResourceOwnerPasswordAsync(userName, password, "SomeAPI");