Question

我目前正在开发API。令牌从IdentityServer4返回。

我正在尝试从令牌声明中取回子ID，即当前授权用户的id。我可以在声明中看到它。

{
  "nbf": 1512632838,
  "exp": 1512636438,
  "iss": "http://localhost:5000",
  "aud": [
    "http://localhost:5000/resources",
    "testapi"
  ],
  "client_id": "ServiceAccountAccess",
  "sub": "21248582",
  "auth_time": 1512632823,
  "idp": "local",
  "name": "TestUser",
  "resource_id": "21260601",
  "xena_fiscal_id": "21875",
  "fiscal_name": "My company",
  "picture_url": "/Content/images/avatar-company-xena.jpg",
  "application_id": "16140911",
  "scope": [
    "openid",
    "profile",
    "testapi"
  ],
  "amr": [
    "password"
  ]
}

我的API调用非常简单

    [Authorize]
    public async Task<ActionResult> ChangeFiscal([FromBody] long fiscalId)
    {

        var name = User.Claims.Where(c => c.Type == "http://schemas.xmlsoap.org/ws/2005/05/identity/claims/nameidentifier")
            .Select(c => c.Value).SingleOrDefault();

    }

我无法理解为什么sub或subject变成了

“http://schemas.xmlsoap.org/ws/2005/05/identity/claims/nameidentifier”

我可以从api看到它完成了相当多的声明

{
  "nbf": 1512653706,
  "exp": 1512657306,
  "iss": "http://localhost:5000",
  "aud": [
    "http://localhost:5000/resources",
    "testapi"
  ],
  "client_id": "ServiceAccountAccess",
  "http://schemas.xmlsoap.org/ws/2005/05/identity/claims/nameidentifier": "21248582",
  "auth_time": 1512652100,
  "http://schemas.microsoft.com/identity/claims/identityprovider": "local",
  "name": "TestUser",
  "supporter": "21248582",
  "http://schemas.microsoft.com/claims/authnmethodsreferences": "password",
  "resource_id": "21527443",
  "xena_fiscal_id": "21876",
  "fiscal_name": "this",
  "picture_url": "/Content/images/avatar-company-xena.jpg",
  "scope": [
    "openid",
    "profile",
    "testapi"
  ]
}

Answer 1

花了一个小时才发现Microsoft JWT处理程序将这些标准声明转换为Microsoft专有声明。

通过在启动配置方法中添加以下行，我可以关闭这个烦人的“功能”

JwtSecurityTokenHandler.InboundClaimTypeMap.Clear()

声明类型错误

1 个答案: