如何查看已从用户身份添加到用户访问令牌的自定义声明?
How can I see a custom claim that I've added to my user's access token from the User's Identity?
我需要访问我在身份验证后添加到用户的自定义声明
在我的授权服务器中,我将自定义声明添加到响应中,如下所示
public class MyProfileService : IProfileService
{
public async Task GetProfileDataAsync(ProfileDataRequestContext context)
{
var claims = new List<Claim>();
claims.Add(new Claim("MyNewClaim", "lol"));
context.IssuedClaims = claims;
在我的调用客户端上,我可以看到我在 OnTokenResponseReceived 中检查的原始令牌在解码时具有声明
.AddOpenIdConnect(OpenIdConnectDefaults.AuthenticationScheme, options =>
{
options.Events.OnTokenResponseReceived += ctxt =>
{
ctxt.TokenEndpointResponse.AccessToken // <-- has raw token that contains claim
调用客户端有一个中间件组件,它试图从用户身份中读取声明:
public async Task InvokeAsync(HttpContext context)
{
var claimsIdentity = (ClaimsIdentity)context.User.Identity;
var hasNewClaim = claimsIdentity.HasClaim(c => c.Type == "MyNewClaim"); // always false
我遇到的问题是索赔从未存在过。
问题:
我需要做什么才能访问我的用户身份中的新声明?
解决方法是从令牌服务的 /UserInfo 端点检索补充数据。
.AddOpenIdConnect(OpenIdConnectDefaults.AuthenticationScheme, options =>
{
// stuff
options.Events.OnUserInformationReceived += context =>
{
// get UserInfo data from the context
var userInfo = JsonConvert.DeserializeObject<OpenIdConnectUserInfo>(context.User.RootElement.ToString());
// do stuff with the newly acquired info.
return Task.CompletedTask;
};
// go home and tell your kids you love them
});
我需要访问我在身份验证后添加到用户的自定义声明
在我的授权服务器中,我将自定义声明添加到响应中,如下所示
public class MyProfileService : IProfileService
{
public async Task GetProfileDataAsync(ProfileDataRequestContext context)
{
var claims = new List<Claim>();
claims.Add(new Claim("MyNewClaim", "lol"));
context.IssuedClaims = claims;
在我的调用客户端上,我可以看到我在 OnTokenResponseReceived 中检查的原始令牌在解码时具有声明
.AddOpenIdConnect(OpenIdConnectDefaults.AuthenticationScheme, options =>
{
options.Events.OnTokenResponseReceived += ctxt =>
{
ctxt.TokenEndpointResponse.AccessToken // <-- has raw token that contains claim
调用客户端有一个中间件组件,它试图从用户身份中读取声明:
public async Task InvokeAsync(HttpContext context)
{
var claimsIdentity = (ClaimsIdentity)context.User.Identity;
var hasNewClaim = claimsIdentity.HasClaim(c => c.Type == "MyNewClaim"); // always false
我遇到的问题是索赔从未存在过。
问题:
我需要做什么才能访问我的用户身份中的新声明?
解决方法是从令牌服务的 /UserInfo 端点检索补充数据。
.AddOpenIdConnect(OpenIdConnectDefaults.AuthenticationScheme, options =>
{
// stuff
options.Events.OnUserInformationReceived += context =>
{
// get UserInfo data from the context
var userInfo = JsonConvert.DeserializeObject<OpenIdConnectUserInfo>(context.User.RootElement.ToString());
// do stuff with the newly acquired info.
return Task.CompletedTask;
};
// go home and tell your kids you love them
});