
identityserver4: getting all Claim values on the client

Bounty: 50 beans [Unresolved question]

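With identityserver4 in code mode, after login I set custom Claims, but the client can only get a fixed few values. I don't know how to configure it so that all of the Claims I set can be accessed.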

Server side:

//Program
new Client
{
    ClientId="weblogin_code",
    ClientSecrets={new Secret("rxt3vi3egd3aqwf6".Sha256())},
    AllowedGrantTypes=GrantTypes.Code,
    RequireConsent=false,
    RequirePkce=true,
    RedirectUris={ "https://localhost:2001/signin-oidc"},
    PostLogoutRedirectUris={ "https://localhost:2001/signout-callback-oidc"},
    AllowedScopes = { "openid", "profile","member","role"},
    AllowOfflineAccess = true,
    AccessTokenLifetime = 60,
},
//Login
var claims = new Claim[]
{
    new Claim("UserName",user.UserName),
    new Claim("ID",user.ID.Value.ToString()),
    new Claim("DepartmentName",user.DepartmentName.ToString()),

    new Claim(ClaimTypes.Email,"123456789@qq.com"),
    new Claim(ClaimTypes.NameIdentifier,"NameIdentifier"),
    new Claim(ClaimTypes.Name,"Name"),
    new Claim(ClaimTypes.Role,"admin"),
    new Claim(ClaimTypes.Actor,"Actor"),
};
var isuser = new IdentityServerUser(user.ID.ToString())
{
    DisplayName = user.Name,
    AdditionalClaims = claims
};
await HttpContext.SignInAsync(isuser, props);

// User information obtained on the server side
sub : 456
name : test_name
UserName : test
ID : 456
DepartmentName : DepartmentName
http://schemas.xmlsoap.org/ws/2005/05/identity/claims/emailaddress : 123456789@qq.com
http://schemas.xmlsoap.org/ws/2005/05/identity/claims/nameidentifier : NameIdentifier
http://schemas.xmlsoap.org/ws/2005/05/identity/claims/name : Name
http://schemas.microsoft.com/ws/2008/06/identity/claims/role : admin
http://schemas.xmlsoap.org/ws/2009/09/identity/claims/actor : Actor
idp : local
amr : pwd
auth_time : 1650546505

Client side:

Program:
services.AddAuthentication(options =>
{
    options.DefaultScheme = "Cookies";
    options.DefaultChallengeScheme = "oidc";

})
.AddCookie("Cookies")
.AddOpenIdConnect("oidc", options =>
{
    options.Authority = "https://localhost:2000"; 
    options.TokenValidationParameters.RequireAudience = true;
    options.RequireHttpsMetadata = false;
    options.SignInScheme = "Cookies";
    options.ClientId = "weblogin_code";
    options.ClientSecret = "rxt3vi3egd3aqwf6";
    options.ResponseType = "code";
    //options.RequireHttpsMetadata = true;
    options.SaveTokens = true;
    options.GetClaimsFromUserInfoEndpoint = true;
    options.Scope.Add("member");
    options.Scope.Add("openid");
    options.Scope.Add("profile");
});

// The only user information obtained is the following:
s_hash : -jkjJ6S3-7-THACKPCm1Ww
sid : 9789BA22D449D928EB01EF7E75D632AB
sub : 456
auth_time : 1650546505
idp : local
amr : pwd
name : test_name
mcluzhi | Beginner Level 1 | Beans: 6
Asked: 2022-04-21 21:18
All answers (1)

Is no one going to claim the points?

In the Client on the service center, add AlwaysIncludeUserClaimsInIdToken=true

Explanation from the official site:

 

Add the relevant field content on the client:

options.Scope.Add("UserName");
options.Scope.Add("ID");

mcluzhi | Beans: 6 (Beginner Level 1) | 2022-04-25 20:52
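
An added example, not part of the original thread and not IdentityServer4's own sample code: one way to release the custom claims through a scope and the userinfo endpoint instead of the id_token. It assumes "member" is an identity resource (the thread does not show how it is defined); the class and method names are hypothetical.

```csharp
using System.Collections.Generic;
using IdentityServer4.Models;
using Microsoft.AspNetCore.Authentication;
using Microsoft.AspNetCore.Authentication.OpenIdConnect;

// Hypothetical helper class; names are illustrative, not from the thread.
public static class MemberClaimsExample
{
    // The custom claim types set at login in the question.
    private static readonly string[] MemberClaimTypes =
        { "UserName", "ID", "DepartmentName" };

    // Server (IdentityServer4): an identity resource ties a scope name to the
    // claim types the profile service may release when that scope is requested.
    // Assumption: registered with AddInMemoryIdentityResources(GetIdentityResources()),
    // and "member" is already in the client's AllowedScopes (it is, in the question).
    public static IEnumerable<IdentityResource> GetIdentityResources() =>
        new IdentityResource[]
        {
            new IdentityResources.OpenId(),
            new IdentityResources.Profile(),
            new IdentityResource("member", "Member data", MemberClaimTypes),
        };

    // Client (ASP.NET Core OpenID Connect handler): claims returned by the
    // userinfo endpoint are copied into the cookie identity only when a
    // ClaimAction maps them, so each custom claim type needs its own mapping.
    // Call from inside the AddOpenIdConnect("oidc", options => { ... }) delegate.
    public static void MapMemberClaims(OpenIdConnectOptions options)
    {
        options.Scope.Add("member");
        options.GetClaimsFromUserInfoEndpoint = true;
        foreach (var claimType in MemberClaimTypes)
        {
            options.ClaimActions.MapUniqueJsonKey(claimType, claimType);
        }
    }
}
```

Listing only the claim types the client needs in the identity resource keeps the other values set at login (email, role, actor) out of what this client receives.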