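With IdentityServer4 in code mode, I set custom claims after login, but the client can only obtain a fixed handful of values. I don't know how to configure things so that the client can access all of the claims that were set.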
Server:
// Program
new Client
{
    ClientId = "weblogin_code",
    ClientSecrets = { new Secret("rxt3vi3egd3aqwf6".Sha256()) },
    AllowedGrantTypes = GrantTypes.Code,
    RequireConsent = false,
    RequirePkce = true,
    RedirectUris = { "https://localhost:2001/signin-oidc" },
    PostLogoutRedirectUris = { "https://localhost:2001/signout-callback-oidc" },
    AllowedScopes = { "openid", "profile", "member", "role" },
    AllowOfflineAccess = true,
    AccessTokenLifetime = 60,
},

// Login
var claims = new Claim[]
{
    new Claim("UserName", user.UserName),
    new Claim("ID", user.ID.Value.ToString()),
    new Claim("DepartmentName", user.DepartmentName.ToString()),
    new Claim(ClaimTypes.Email, "123456789@qq.com"),
    new Claim(ClaimTypes.NameIdentifier, "NameIdentifier"),
    new Claim(ClaimTypes.Name, "Name"),
    new Claim(ClaimTypes.Role, "admin"),
    new Claim(ClaimTypes.Actor, "Actor"),
};
var isuser = new IdentityServerUser(user.ID.ToString())
{
    DisplayName = user.Name,
    AdditionalClaims = claims
};
await HttpContext.SignInAsync(isuser, props);

// User information as seen on the server
sub : 456
name : test_name
UserName : test
ID : 456
DepartmentName : DepartmentName
http://schemas.xmlsoap.org/ws/2005/05/identity/claims/emailaddress : 123456789@qq.com
http://schemas.xmlsoap.org/ws/2005/05/identity/claims/nameidentifier : NameIdentifier
http://schemas.xmlsoap.org/ws/2005/05/identity/claims/name : Name
http://schemas.microsoft.com/ws/2008/06/identity/claims/role : admin
http://schemas.xmlsoap.org/ws/2009/09/identity/claims/actor : Actor
idp : local
amr : pwd
auth_time : 1650546505
Client:
Program:
services.AddAuthentication(options =>
{
    options.DefaultScheme = "Cookies";
    options.DefaultChallengeScheme = "oidc";
})
.AddCookie("Cookies")
.AddOpenIdConnect("oidc", options =>
{
    options.Authority = "https://localhost:2000";
    options.TokenValidationParameters.RequireAudience = true;
    options.RequireHttpsMetadata = false;
    options.SignInScheme = "Cookies";
    options.ClientId = "weblogin_code";
    options.ClientSecret = "rxt3vi3egd3aqwf6";
    options.ResponseType = "code";
    //options.RequireHttpsMetadata = true;
    options.SaveTokens = true;
    options.GetClaimsFromUserInfoEndpoint = true;
    options.Scope.Add("member");
    options.Scope.Add("openid");
    options.Scope.Add("profile");
});

// The only user information obtained is the following:
s_hash : -jkjJ6S3-7-THACKPCm1Ww
sid : 9789BA22D449D928EB01EF7E75D632AB
sub : 456
auth_time : 1650546505
idp : local
amr : pwd
name : test_name
Is nobody going to claim the points?
In the service center's Client, add AlwaysIncludeUserClaimsInIdToken=true
Explanation from the official site:
In the client, add the relevant fields:
options.Scope.Add("UserName");
options.Scope.Add("ID");
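
Added example, not part of the original thread: a sketch of how the custom claims can reach the client through the question's existing "member" scope together with the AlwaysIncludeUserClaimsInIdToken setting from the answer. The class name ClaimFlowExample, the definition of the "member" identity resource and the secret placeholder are assumptions; the thread does not show how "member" is defined. The server and client parts belong in their respective projects.

```csharp
using System.Collections.Generic;
using IdentityServer4.Models;
using Microsoft.AspNetCore.Authentication;
using Microsoft.AspNetCore.Authentication.OpenIdConnect;

public static class ClaimFlowExample // hypothetical name
{
    // Server project. An identity resource lists the claim types a scope releases.
    // Assumption: "member" is defined like this; the thread does not show it.
    public static IEnumerable<IdentityResource> GetIdentityResources() => new IdentityResource[]
    {
        new IdentityResources.OpenId(),
        new IdentityResources.Profile(),
        new IdentityResource("member", new[] { "UserName", "ID", "DepartmentName" }),
    };

    public static Client GetCodeClient() => new Client
    {
        ClientId = "weblogin_code",
        ClientSecrets = { new Secret("<client-secret-placeholder>".Sha256()) },
        AllowedGrantTypes = GrantTypes.Code,
        RequirePkce = true,
        RedirectUris = { "https://localhost:2001/signin-oidc" },
        AllowedScopes = { "openid", "profile", "member" },
        // Put the claims of the granted identity scopes into the id_token itself.
        AlwaysIncludeUserClaimsInIdToken = true,
    };

    // Client project. Pass to .AddOpenIdConnect("oidc", ClaimFlowExample.ConfigureOidc).
    public static void ConfigureOidc(OpenIdConnectOptions options)
    {
        options.Authority = "https://localhost:2000";
        options.SignInScheme = "Cookies";
        options.ClientId = "weblogin_code";
        options.ClientSecret = "<client-secret-placeholder>";
        options.ResponseType = "code";
        options.Scope.Add("member"); // openid and profile are requested by default
        options.GetClaimsFromUserInfoEndpoint = true;
        // id_token claims need no ClaimAction; claims from the userinfo
        // endpoint are copied to the principal only when mapped.
        foreach (var type in new[] { "UserName", "ID", "DepartmentName" })
            options.ClaimActions.MapUniqueJsonKey(type, type);
    }
}
```

Listing only the claim types the client actually needs in the identity resource keeps the id_token small and avoids releasing claims such as role to clients that have no use for them.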