我正在使用IdentityServer4混合流示例应用程序来测试和使用IS4:https://github.com/IdentityServer/IdentityServer4.Samples/tree/release/Quickstarts/5_HybridFlowAuthenticationWithApiAccess
IS4中的Config.cs有两个已定义的测试用户:
return new List<TestUser>
{
new TestUser
{
SubjectId = "1",
Username = "alice",
Password = "password",
Claims = new List<Claim>
{
new Claim("name", "Alice"),
new Claim("website", "https://alice.com")
}
},
new TestUser
{
SubjectId = "2",
Username = "bob",
Password = "password",
Claims = new List<Claim>
{
new Claim("name", "Bob"),
new Claim("website", "https://bob.com")
}
}
};
sid: ec1e3b0513f711ca6c29a90494aa9741
sub: 1
idp:local
name:Alice
未显示“网站”声明。我怎样才能将这个声明与名字一起取回? options.GetClaimsFromUserInfoEndpoint设置为“true”。 (MVC Client Startup.cs)
所以,如果我创建一个策略:
services.AddAuthorization(options => {
options.AddPolicy("testPolicy", builder =>
{
builder.RequireAuthenticatedUser();
builder.RequireClaim("website", "https://alice.com");
});
});
并用它保护“安全”行动:
[Authorize(Policy = "testPolicy")]
public IActionResult Secure()
{
ViewData["Message"] = "Secure page.";
return View();
}
我无法访问它,因为“网站”声明未从用户端点返回...任何想法? 注意:除了“testPolicy”之外,我没有对示例应用程序进行任何更改。
答案 0 :(得分:0)
我记得您需要将UserClaims添加到ApiResource:
public static IEnumerable<ApiResource> GetApiResources()
{
return new List<ApiResource>
{
new ApiResource("api1.access")
{
UserClaims = new List<string>
{
JwtClaimTypes.Name, // or just put "name"
JwtClaimTypes.WebSite // or just put "website"
},
Scopes = new List<Scope>
{
new Scope("api1.access")
}
}
};
}