如何在 IdentityServer4 上添加 phone 号码声明
How to add phone number claim on IdentityServer4
我正在将 IdentityServer4 IDP 与 Blazor 客户端一起使用。在剃须刀组件中,我有:
[CascadingParameter]
public Task<AuthenticationState> AuthenticationStateTask { get; set; }
async Task GetClaims()
{
var claims = (await AuthenticationStateTask).User.Claims;
}
这给了我总共 9 个索赔,包括 sub、name、preferred_name、amr、email、email_verified 等. 我也想在这里获得 phone 号码,但它不存在,即使我在 IDP 配置中添加 phone 范围如下
public static IEnumerable<IdentityResource> Ids =>
new IdentityResource[]
{
new IdentityResources.OpenId(), // sub
new IdentityResources.Profile(), // givenName, familyName ..
new IdentityResources.Email(),
new IdentityResources.Phone()
};
并在客户端对象中;
AllowedScopes = {
IdentityServerConstants.StandardScopes.OpenId,
IdentityServerConstants.StandardScopes.Profile,
IdentityServerConstants.StandardScopes.Email,
IdentityServerConstants.StandardScopes.Phone,
"exampleapi" },
这是否意味着 phone 号码应该在身份令牌中?我应该怎么做才能获得 phone 号码?
此外,发送 phoneNumberUpdate 请求的最佳方式是什么?
spec 说:
The Claims requested by the profile, email, address, and phone scope
values are returned from the UserInfo Endpoint, as described in
Section 5.3.2, when a response_type value is used that results in an
Access Token being issued. However, when no Access Token is issued
(which is the case for the response_type value id_token), the
resulting Claims are returned in the ID Token.
客户端Oidc服务注册也需要配置请求phone作用域
builder.Services.AddOidcAuthentication(options =>
{
//...
options.ProviderOptions.DefaultScopes.Add("phone");
//...
});
我正在将 IdentityServer4 IDP 与 Blazor 客户端一起使用。在剃须刀组件中,我有:
[CascadingParameter]
public Task<AuthenticationState> AuthenticationStateTask { get; set; }
async Task GetClaims()
{
var claims = (await AuthenticationStateTask).User.Claims;
}
这给了我总共 9 个索赔,包括 sub、name、preferred_name、amr、email、email_verified 等. 我也想在这里获得 phone 号码,但它不存在,即使我在 IDP 配置中添加 phone 范围如下
public static IEnumerable<IdentityResource> Ids =>
new IdentityResource[]
{
new IdentityResources.OpenId(), // sub
new IdentityResources.Profile(), // givenName, familyName ..
new IdentityResources.Email(),
new IdentityResources.Phone()
};
并在客户端对象中;
AllowedScopes = {
IdentityServerConstants.StandardScopes.OpenId,
IdentityServerConstants.StandardScopes.Profile,
IdentityServerConstants.StandardScopes.Email,
IdentityServerConstants.StandardScopes.Phone,
"exampleapi" },
这是否意味着 phone 号码应该在身份令牌中?我应该怎么做才能获得 phone 号码?
此外,发送 phoneNumberUpdate 请求的最佳方式是什么?
spec 说:
The Claims requested by the profile, email, address, and phone scope values are returned from the UserInfo Endpoint, as described in Section 5.3.2, when a response_type value is used that results in an Access Token being issued. However, when no Access Token is issued (which is the case for the response_type value id_token), the resulting Claims are returned in the ID Token.
客户端Oidc服务注册也需要配置请求phone作用域
builder.Services.AddOidcAuthentication(options =>
{
//...
options.ProviderOptions.DefaultScopes.Add("phone");
//...
});