2017-05-03 72 views

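Identity Server and access token claims

I am using Identity Server 3 with Windows authentication and adding claims for the user to the token. I noticed that GetProfileDataAsync is called twice: once with the caller "ClaimsProviderAccessToken", which has no requested claims, and once with the caller "ClaimsProviderIdentityToken", which has the claims. How do I get the RequestedClaimTypes, such as role, email or anything else, in "ClaimsProviderAccessToken"?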

public override Task GetProfileDataAsync(ProfileDataRequestContext context)
{
    // issue the claims for the user
    var user = Users.SingleOrDefault(x => x.Subject == context.Subject.GetSubjectId());
    if (user != null && context.RequestedClaimTypes != null)
    {
        context.IssuedClaims = user.Claims.Where(x => context.RequestedClaimTypes.Contains(x.Type));
    }
    //NOTE: Uncomment and all the claims I need are in access token ?? Comment out and no claims in Access Token ??
    //context.IssuedClaims = user.Claims;

    return Task.FromResult(0);
}

Here is my scope, which requests the claims for the access token:

new Scope
{
    Name = "api",
    Enabled = true,
    DisplayName = "Sample API",
    Description = "Access to a simple API",
    Type = ScopeType.Resource,
    IncludeAllClaimsForUser = true,

    Claims = new List<ScopeClaim>
    {
        new ScopeClaim(Constants.ClaimTypes.Name),
        new ScopeClaim(Constants.ClaimTypes.Role),
        new ScopeClaim(Constants.ClaimTypes.Email),
    },

    ScopeSecrets = new List<Secret>
    {
        new Secret("api-secret".Sha256())
    }
}

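Am I missing something, or is it correct to just set context.IssuedClaims to user.Claims, or should I filter by RequestedClaimTypes? I am really a bit lost trying to figure out how this works, and I am not sure about setting context.IssuedClaims = user.Claims, although that looks like the behaviour I need?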

Answer

I actually found the answer: setting IncludeAllClaimsForUser = true clears the claims; once it is removed, context.RequestedClaimTypes is not null when requesting the access token.
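
The three outcomes discussed above, as an added example that is not code from the question or the answer: a stand-alone C# model of the claim selection a profile service performs for each token. `SelectClaims`, the sample user and the `employee_id` claim are hypothetical, and the `allClaimsRequested` flag is assumed to mirror IdentityServer3's `context.AllClaimsRequested`.

```csharp
using System;
using System.Collections.Generic;
using System.Linq;
using System.Security.Claims;

static class ClaimFilterDemo
{
    // Hypothetical helper: decides which of the user's claims go into one token.
    // requestedTypes stands in for context.RequestedClaimTypes; allClaimsRequested
    // stands in for context.AllClaimsRequested (assumed IdentityServer3 property).
    public static List<Claim> SelectClaims(
        IEnumerable<Claim> userClaims, IEnumerable<string> requestedTypes, bool allClaimsRequested)
    {
        if (allClaimsRequested)
            return userClaims.ToList();      // scope sets IncludeAllClaimsForUser = true
        if (requestedTypes == null)
            return new List<Claim>();        // nothing requested: issue nothing
        var wanted = new HashSet<string>(requestedTypes);
        return userClaims.Where(c => wanted.Contains(c.Type)).ToList();
    }

    static void Main()
    {
        // Constructed sample user; employee_id is deliberately absent from the scope.
        var claims = new[]
        {
            new Claim("name", "alice"),
            new Claim("role", "admin"),
            new Claim("email", "alice@example.com"),
            new Claim("employee_id", "12345"),
        };
        // The types listed in the scope's Claims collection in the question.
        var scopeClaims = new[] { "name", "role", "email" };

        // Scope without IncludeAllClaimsForUser: only the listed types are issued.
        Print("scope Claims list", SelectClaims(claims, scopeClaims, false));
        // Scope with IncludeAllClaimsForUser: every stored claim is issued.
        Print("IncludeAllClaimsForUser", SelectClaims(claims, null, true));
        // The question's null check with no requested types: an empty token.
        Print("null check only", SelectClaims(claims, null, false));
    }

    static void Print(string label, List<Claim> issued) =>
        Console.WriteLine(label + ": " + string.Join(", ", issued.Select(c => c.Type)));
}
```

Filtering by the requested types keeps the access token limited to what the scope lists, whereas assigning `user.Claims` directly also sends claims such as `employee_id` to every API that receives the token.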