如何为混合流客户端填充自定义身份资源声明?
How to populate custom identity resource claim for hybrid flow client?
我有一个带有自定义身份资源的 IdentityServer4 服务器:
new IdentityResource
{
Name = "custom.profile",
UserClaims = new[] { "location" }
}
此资源由 ASP.NET MVC 客户端的用户使用 OIDC 混合流连接且无同意页面:
new Client
{
ClientId = "client.mvc",
ClientName = "MVC Core Client",
AllowedGrantTypes = GrantTypes.Hybrid,
...
AllowedScopes =
{
IdentityServerConstants.StandardScopes.OpenId,
IdentityServerConstants.StandardScopes.Profile,
"custom.profile"
},
手动登录 <idsrv>/Login/DoLogin:
public async Task<IActionResult> DoLogin(LoginInputModel model)
{
if (ModelState.IsValid)
{
if (model.Username == "test.user" && model.Password == "password")
{
Guid userId = new Guid("8da49efb-a1aa-4253-bb7f-56cc6c532b78");
await HttpContext.Authentication.SignInAsync(userId.ToString(), model.Username);
if (_interaction.IsValidReturnUrl(model.ReturnUrl))
{
return Redirect(model.ReturnUrl);
}
return Redirect("~/");
}
ModelState.AddModelError("", "Invalid username or password.");
}
我的问题是,how/where我是否为用户填充“custom.profile”范围的这个“location”值?
您基本上需要在 IProfileService 服务上实现 GetProfileDataAsync 方法来添加一些声明。
所以在启动时确保你有类似的东西:
identityServerBuilder.Services.AddScoped<IProfileService, ProfileService>();
然后在你的 ProfileService class 中有这样的东西:
public Task GetProfileDataAsync(ProfileDataRequestContext context) {
context.IssuedClaims.Add(new Claim()); //Your claims(s)
}
我有一个带有自定义身份资源的 IdentityServer4 服务器:
new IdentityResource
{
Name = "custom.profile",
UserClaims = new[] { "location" }
}
此资源由 ASP.NET MVC 客户端的用户使用 OIDC 混合流连接且无同意页面:
new Client
{
ClientId = "client.mvc",
ClientName = "MVC Core Client",
AllowedGrantTypes = GrantTypes.Hybrid,
...
AllowedScopes =
{
IdentityServerConstants.StandardScopes.OpenId,
IdentityServerConstants.StandardScopes.Profile,
"custom.profile"
},
手动登录 <idsrv>/Login/DoLogin:
public async Task<IActionResult> DoLogin(LoginInputModel model)
{
if (ModelState.IsValid)
{
if (model.Username == "test.user" && model.Password == "password")
{
Guid userId = new Guid("8da49efb-a1aa-4253-bb7f-56cc6c532b78");
await HttpContext.Authentication.SignInAsync(userId.ToString(), model.Username);
if (_interaction.IsValidReturnUrl(model.ReturnUrl))
{
return Redirect(model.ReturnUrl);
}
return Redirect("~/");
}
ModelState.AddModelError("", "Invalid username or password.");
}
我的问题是,how/where我是否为用户填充“custom.profile”范围的这个“location”值?
您基本上需要在 IProfileService 服务上实现 GetProfileDataAsync 方法来添加一些声明。
所以在启动时确保你有类似的东西:
identityServerBuilder.Services.AddScoped<IProfileService, ProfileService>();
然后在你的 ProfileService class 中有这样的东西:
public Task GetProfileDataAsync(ProfileDataRequestContext context) {
context.IssuedClaims.Add(new Claim()); //Your claims(s)
}