我正在使用IdentityServer4,我想将计算字段添加到access_token / id_token。
此类字段的示例可以是用户的IP(或令牌绑定哈希),令牌将附加到该IP地址。
问:我该怎么做?
提前致谢,对不好的英语感到抱歉。
答案 0 :(得分:3)
您可以通过在UserManager实现中创建方法来添加包含计算字段的声明。
FirebaseUser current_user = FirebaseAuth.getInstance().getCurrentUser();
String uid = current_user.getUid();
mDatabase = FirebaseDatabase.getInstance().getReference().child("Users").child(uid);//.getReference points to root.
HashMap<String,Object> usermap = new HashMap<>();
usermap.put("name",name);
usermap.put("description",description);
usermap.put("address",address);
Map<String,String> week = new HashMap<>();
week.put("Monday", "1,1,1,1,1,1,1,1");
week.put("Tuesday", "1,1,1,1,1,1,1,1");
week.put("Wednesday", "1,1,1,1,1,1,1,1");
week.put("Thursday", "1,1,1,1,1,1,1,1");
week.put("Friday", "1,1,1,1,1,1,1,1");
usermap.put("Week", week);
mDatabase.updateChildren(usermap);
从实现IProfileService的类中调用它。我将我的命名为ProfileService。
public class UserManager: IUserManager
{
...other code here removed for simplicity
public List<Claim> GetClaimsAsync(Models.User user)
{
var claims = new List<Claim>();
claims.Add(new Claim(JwtClaimTypes.PreferredUserName, user.USER_ID.ToString().Trim()));
//This next line is pseudo coded and would need to be coded.
claims.Add(new Claim("MyCalculatedIP", MyFunctionToGetUserIP().ToString().Trim()));
return claims;
}
...other code here removed for simplicity
}
在Startup类中,为依赖注入添加ProfileService对象。
/// <summary>
/// implement the interface called "IProfileService", which is used for authorization.
/// </summary>
public class ProfileService : IProfileService
{
IUserManager _myUserManager;
private readonly ILogger<ProfileService> _logger;
public ProfileService(ILogger<ProfileService> logger, IUserManager userManager)
{
_logger = logger;
_myUserManager = userManager;
}
public async Task ValidateAsync(ResourceOwnerPasswordValidationContext context)
{
var user = await _myUserManager.Find(context.UserName, context.Password);
if (user != null)
{
context.Result = new GrantValidationResult(
subject: user.USER_ID,
authenticationMethod: "custom",
claims: await _myUserManager.GetClaimsAsync(user));
}
else
{
context.Result = new GrantValidationResult(
TokenRequestErrors.InvalidRequest,
errorDescription: "UserName or Password Incorrect.");
}
}
public async Task GetProfileDataAsync(ProfileDataRequestContext context)
{
_logger.LogDebug("Get profile called for {subject} from {client} with {claimTypes} because {caller}",
context.Subject.GetSubjectId(),
context.Client.ClientName,
context.RequestedClaimTypes,
context.Caller);
var sub = context.Subject.FindFirst("sub")?.Value;
if (sub != null)
{
var user = await _myUserManager.FindByNameAsync(sub);
var cp = getClaims(user);
var claims = cp.Claims;
context.IssuedClaims = claims.ToList();
}
}
private ClaimsPrincipal getClaims(User user)
{
if (user == null)
{
throw new ArgumentNullException(nameof(user));
}
var id = new ClaimsIdentity();
id.AddClaims(_myUserManager.GetClaimsAsync(user));
return new ClaimsPrincipal(id);
}
/// <summary>
/// Called by IdentityServer Middleware.
/// </summary>
/// <param name="context"></param>
/// <returns></returns>
public async Task IsActiveAsync(IsActiveContext context)
{
var sub = context.Subject.GetSubjectId();
var user = await _myUserManager.FindByNameAsync(sub);
context.IsActive = user != null;
return;
}
}
有用的消息来源 artile