identityserver3 openid 配置未显示所有范围
identityserver3 openid configuration not showing all scopes
我正在阅读 getting started guide of identityserver3,它提到了开放 ID 配置端点:
identity/.well-known/openid-configuration
这将列出您的范围。
在他们的示例中,它列出了:
- openid
- 简介
- 电子邮件
- phone
- 地址
在我的应用程序中,我创建了一个名为 api 的范围,当我创建 客户端 时,我设置 AllowAccessToAllScopes 为 true,但是当转到 openid 配置端点时,我得到这个:
{
"issuer":"https://localhost:44313",
"jwks_uri":"https://localhost:44313/identity/.well-known/jwks",
"authorization_endpoint":"https://localhost:44313/identity/connect/authorize",
"token_endpoint":"https://localhost:44313/identity/connect/token",
"userinfo_endpoint":"https://localhost:44313/identity/connect/userinfo",
"end_session_endpoint":"https://localhost:44313/identity/connect/endsession",
"check_session_iframe":"https://localhost:44313/identity/connect/checksession",
"revocation_endpoint":"https://localhost:44313/identity/connect/revocation",
"introspection_endpoint":"https://localhost:44313/identity/connect/introspect",
"frontchannel_logout_supported":true,
"frontchannel_logout_session_supported":true,
"scopes_supported":[
"api"
],
"claims_supported":[
],
"response_types_supported":[
"code",
"token",
"id_token",
"id_token token",
"code id_token",
"code token",
"code id_token token"
],
"response_modes_supported":[
"form_post",
"query",
"fragment"
],
"grant_types_supported":[
"authorization_code",
"client_credentials",
"password",
"refresh_token",
"implicit"
],
"subject_types_supported":[
"public"
],
"id_token_signing_alg_values_supported":[
"RS256"
],
"code_challenge_methods_supported":[
"plain",
"S256"
],
"token_endpoint_auth_methods_supported":[
"client_secret_post",
"client_secret_basic"
]
}
如您所见,仅支持一个范围。
有谁知道为什么?或者我怎样才能得到所有的范围?
我想通了。如果您查看我提供的 link,第一个内存示例使用 StandardScopes.All。我在存储库中查看了它,并看到了它添加的范围列表。我决定更改 ScopeStore 并添加这些范围,如下所示:
public class ScopeStore: IScopeStore
{
private readonly DbContext _context;
public ScopeStore(DbContext context)
{
_context = context;
}
public async Task<IEnumerable<IdentityServer3.Core.Models.Scope>> FindScopesAsync(IEnumerable<string> scopeNames)
{
var models = await List().Where(m => scopeNames.Contains(m.Name)).ToListAsync();
return AddStandardScopes(models);
}
public async Task<IEnumerable<IdentityServer3.Core.Models.Scope>> GetScopesAsync(bool publicOnly = true)
{
var models = await List(publicOnly).ToListAsync();
return AddStandardScopes(models);
}
/// <summary>
/// Gets a list of Scopes
/// </summary>
/// <param name="publicOnly">A boolean to show public scopes or not</param>
/// <returns>The matched Scopes</returns>
public IQueryable<IdentityServer3.EntityFramework.Entities.Scope> List(bool publicOnly = true, params string[] includes)
{
var models = _context.Set<IdentityServer3.EntityFramework.Entities.Scope>();
if (publicOnly)
return models.Where(m => m.ShowInDiscoveryDocument);
return models;
}
private IEnumerable<IdentityServer3.Core.Models.Scope> AddStandardScopes(IEnumerable<IdentityServer3.EntityFramework.Entities.Scope> scopes)
{
var models = scopes.Select(m => m.ToModel()).ToList();
models.AddRange(StandardScopes.All.ToList());
return models;
}
}
完成后,当我返回配置页面时,所有范围都已列出,我终于可以获取用户信息了。
我正在阅读 getting started guide of identityserver3,它提到了开放 ID 配置端点:
identity/.well-known/openid-configuration
这将列出您的范围。 在他们的示例中,它列出了:
- openid
- 简介
- 电子邮件
- phone
- 地址
在我的应用程序中,我创建了一个名为 api 的范围,当我创建 客户端 时,我设置 AllowAccessToAllScopes 为 true,但是当转到 openid 配置端点时,我得到这个:
{
"issuer":"https://localhost:44313",
"jwks_uri":"https://localhost:44313/identity/.well-known/jwks",
"authorization_endpoint":"https://localhost:44313/identity/connect/authorize",
"token_endpoint":"https://localhost:44313/identity/connect/token",
"userinfo_endpoint":"https://localhost:44313/identity/connect/userinfo",
"end_session_endpoint":"https://localhost:44313/identity/connect/endsession",
"check_session_iframe":"https://localhost:44313/identity/connect/checksession",
"revocation_endpoint":"https://localhost:44313/identity/connect/revocation",
"introspection_endpoint":"https://localhost:44313/identity/connect/introspect",
"frontchannel_logout_supported":true,
"frontchannel_logout_session_supported":true,
"scopes_supported":[
"api"
],
"claims_supported":[
],
"response_types_supported":[
"code",
"token",
"id_token",
"id_token token",
"code id_token",
"code token",
"code id_token token"
],
"response_modes_supported":[
"form_post",
"query",
"fragment"
],
"grant_types_supported":[
"authorization_code",
"client_credentials",
"password",
"refresh_token",
"implicit"
],
"subject_types_supported":[
"public"
],
"id_token_signing_alg_values_supported":[
"RS256"
],
"code_challenge_methods_supported":[
"plain",
"S256"
],
"token_endpoint_auth_methods_supported":[
"client_secret_post",
"client_secret_basic"
]
}
如您所见,仅支持一个范围。 有谁知道为什么?或者我怎样才能得到所有的范围?
我想通了。如果您查看我提供的 link,第一个内存示例使用 StandardScopes.All。我在存储库中查看了它,并看到了它添加的范围列表。我决定更改 ScopeStore 并添加这些范围,如下所示:
public class ScopeStore: IScopeStore
{
private readonly DbContext _context;
public ScopeStore(DbContext context)
{
_context = context;
}
public async Task<IEnumerable<IdentityServer3.Core.Models.Scope>> FindScopesAsync(IEnumerable<string> scopeNames)
{
var models = await List().Where(m => scopeNames.Contains(m.Name)).ToListAsync();
return AddStandardScopes(models);
}
public async Task<IEnumerable<IdentityServer3.Core.Models.Scope>> GetScopesAsync(bool publicOnly = true)
{
var models = await List(publicOnly).ToListAsync();
return AddStandardScopes(models);
}
/// <summary>
/// Gets a list of Scopes
/// </summary>
/// <param name="publicOnly">A boolean to show public scopes or not</param>
/// <returns>The matched Scopes</returns>
public IQueryable<IdentityServer3.EntityFramework.Entities.Scope> List(bool publicOnly = true, params string[] includes)
{
var models = _context.Set<IdentityServer3.EntityFramework.Entities.Scope>();
if (publicOnly)
return models.Where(m => m.ShowInDiscoveryDocument);
return models;
}
private IEnumerable<IdentityServer3.Core.Models.Scope> AddStandardScopes(IEnumerable<IdentityServer3.EntityFramework.Entities.Scope> scopes)
{
var models = scopes.Select(m => m.ToModel()).ToList();
models.AddRange(StandardScopes.All.ToList());
return models;
}
}
完成后,当我返回配置页面时,所有范围都已列出,我终于可以获取用户信息了。