我已使用代码流实现了身份提供程序和客户端应用程序。在验证令牌并完成索赔时,我无法找到与我起诉的用户相关的索赔。 代码与Identity Server 4 Authorization Code Flow example
非常相似private IEnumerable<Claim> ValidateToken(string token)
{
var certPath = Path.Combine(Server.MapPath("~/bin"), "SscSign.pfx");
var cert = new X509Certificate2(certPath);
var x509SecurityKey = new X509SecurityKey(cert);
var parameters = new TokenValidationParameters
{
RequireSignedTokens = true,
ValidAudience = audience,
ValidIssuer = validIssuer,
IssuerSigningKey = new X509SecurityKey(cert),
RequireExpirationTime = true,
ClockSkew = TimeSpan.FromMinutes(5)
};
var handler = new JwtSecurityTokenHandler();
SecurityToken jwt;
var id = handler.ValidateToken(token, parameters, out jwt);
foreach (Claim claim in id.Claims)
{
**I can't see any claim for key email**
}
this.Request.GetOwinContext().Authentication.SignOut("TempCookie");
return id.Claims;
}
如果有人可以帮我阅读电子邮件声明,我将不胜感激。 @bayardw