Question

我在我的客户端startup.cs中有以下内容。

services.AddAuthentication(options =>
            {
                options.DefaultScheme = CookieAuthenticationDefaults.AuthenticationScheme;
                options.DefaultChallengeScheme = OpenIdConnectDefaults.AuthenticationScheme;
            })
            .AddCookie()
            .AddOpenIdConnect(options =>
            {
                options.SignInScheme = CookieAuthenticationDefaults.AuthenticationScheme; // cookie middle setup above
                options.Authority = AuthSetting["Authority"];  // Auth Server
                options.RequireHttpsMetadata = false; // only for development 
                options.ClientId = AuthSetting["ClientId"]; // client setup in Auth Server
                options.ClientSecret = AuthSetting["ClientSecret"];
                options.ResponseType = "code id_token"; // means Hybrid flow (id + access token)
                options.GetClaimsFromUserInfoEndpoint = true;
                options.SaveTokens = true;
                //options.ClaimActions.MapJsonKey(ClaimTypes.Email, "email", ClaimValueTypes.Email);
                //options.ClaimActions.Clear(); //https://stackoverflow.com/a/47896180/9263418
                //options.ClaimActions.MapUniqueJsonKey("Aes", "Aes");
                //options.ClaimActions.MapUniqueJsonKey("foo", "foo");
                //options.ClaimActions.MapJsonKey("Aes", "Aes"); //https://github.com/aspnet-contrib/AspNet.Security.OAuth.Providers/issues/210
            });

以下是我的Identityserver的startup.cs

services.AddIdentityServer(options =>
                {
                    options.Events.RaiseSuccessEvents = true;
                    options.Events.RaiseFailureEvents = true;
                    options.Events.RaiseErrorEvents = true;
                    options.Events.RaiseInformationEvents = true;
                })
                .AddInMemoryClients(Clients.Get())
                .AddInMemoryIdentityResources(Resources.GetIdentityResources())
                .AddInMemoryApiResources(Resources.GetApiResources())
                .AddDeveloperSigningCredential()
                .AddExtensionGrantValidator<Extensions.ExtensionGrantValidator>()
                .AddExtensionGrantValidator<Extensions.NoSubjectExtensionGrantValidator>()
                .AddJwtBearerClientAuthentication()
                .AddAppAuthRedirectUriValidator()
                .AddClientConfigurationValidator<DefaultClientConfigurationValidator>()
                .AddProfileService<ProfileService>();

以下是我的ProfileService.cs文件。

public class ProfileService : IProfileService
    {

        public Task GetProfileDataAsync(ProfileDataRequestContext context)
        {
            // Processing
            var claims = new List<Claim>
            {
                new Claim("Email", "someone2gmail.com"),
            };

            context.IssuedClaims.AddRange(claims);

            return Task.FromResult(0);
        }

        public Task IsActiveAsync(IsActiveContext context)
        {
            // Processing
            context.IsActive = true;

            return Task.FromResult(0);
        }
    }

我无法在客户端应用程序中访问Mail声明。

检查了很多参考文献。

但他们都没有为我工作。有什么猜测可能会遗漏？

将Identityserver4与.Net core 2一起使用。

Answer 1

The default scopes for OpenIDConnectOptions are "openid" and "profile".

在配置选项时，您还必须另外请求“电子邮件”范围。

Answer 2

没关系。我通过在服务器的客户端配置中尝试以下选项来解决它。将完整阅读。但是现在它起作用似乎包括在令牌中的声明。

AlwaysIncludeUserClaimsInIdToken = true

客户端未使用identityserver 4 .Net core 2.0访问自定义声明

2 个答案: