Eri*_*c B 6 openid asp.net-core asp.net-core-2.0
我的应用程序使用 OpenId 进行身份验证,如下所示:
services.AddAuthentication(o =>
{
o.DefaultSignInScheme = CookieAuthenticationDefaults.AuthenticationScheme;
o.DefaultAuthenticateScheme = CookieAuthenticationDefaults.AuthenticationScheme;
o.DefaultChallengeScheme = OpenIdConnectDefaults.AuthenticationScheme;
})
.AddCookie()
.AddOpenIdConnect(o =>
{
o.SignInScheme = CookieAuthenticationDefaults.AuthenticationScheme;
o.Scope.Add("openid");
o.Scope.Add("permissions");
o.Authority = "https://localhost:44305";
o.ClientId = "MyTestClient";
o.ClientSecret = "MyTestClientSecret";
o.ResponseType = OpenIdConnectResponseType.IdTokenToken;
});
当我在身份验证后检查用户对象时,它仅具有来自 ID 令牌的声明,而不是来自访问令牌的声明。如何从访问令牌获取声明?
您可以使用 OpenIdConnectOptions.Events 中的 OnTokenResponseReceived 事件
services.AddAuthentication(o =>
{
o.DefaultSignInScheme = CookieAuthenticationDefaults.AuthenticationScheme;
o.DefaultAuthenticateScheme = CookieAuthenticationDefaults.AuthenticationScheme;
o.DefaultChallengeScheme = OpenIdConnectDefaults.AuthenticationScheme;
})
.AddCookie()
.AddOpenIdConnect(o =>
{
o.SignInScheme = CookieAuthenticationDefaults.AuthenticationScheme;
o.Scope.Add("openid");
o.Scope.Add("permissions");
o.Authority = "https://localhost:44305";
o.ClientId = "MyTestClient";
o.ClientSecret = "MyTestClientSecret";
o.ResponseType = OpenIdConnectResponseType.IdTokenToken;
o.Events = new OpenIdConnectEvents
{
OnTokenResponseReceived = ctx =>
{
var handler = new JwtSecurityTokenHandler();
var jsonToken = handler.ReadJwtToken(ctx.TokenEndpointResponse.AccessToken);
//jsonToken.Claims <--here you go, update the ctx.Principal if necessary.
return Task.CompletedTask;
}
};
});
我相信您需要拦截来自 AddOpenIdConnect() 的 OnAuthorizationCodeReceived 事件。从那里您应该可以访问 ctx.ProtocolMessage.Code,它是与 AcquireTokenByAuthorizationCodeAsync() 一起使用的 AuthorizationCode 以生成更多令牌。您还需要将 ResponseType 设置为“code id_token”,以便为您生成代码。一个很好的教程是https://joonasw.net/view/aspnet-core-2-azure-ad-authenticatio。希望这可以帮助
| 归档时间: |
|
| 查看次数: |
3095 次 |
| 最近记录: |