未从身份服务器获取用户“电子邮件”作为声明(来自 jwt 令牌)
Sim*_*ons 2 c# asp.net-identity asp.net-core identityserver4
我在 IdentityServer 上有一个客户端,它允许 openid、个人资料和电子邮件范围:
return new[] {
new Client
{
ClientId = "TestWebApp",
ClientSecrets = new [] { new Secret("TestSecret".Sha256()) },
AllowedGrantTypes = GrantTypes.ResourceOwnerPasswordAndClientCredentials,
AllowedScopes = new List<string>{ StandardScopes.OpenId, StandardScopes.Profile,StandardScopes.Email },
}
};
我还定义了以下身份资源,
public static IEnumerable<IdentityResource> IdentityResources()
{
return new IdentityResource[] {
new IdentityResources.OpenId(),
new IdentityResources.Profile(),
new IdentityResources.Email()
};
}
如果声明丢失,我会在创建时明确将电子邮件添加到用户声明中:
await _userManager.AddClaimAsync(testUser, new Claim("email", user.Username));
现在从我的登录控制器使用ResourceOwnerPasswordAndClientCredentials我发送身份验证请求:
var client = new OAuth2Client(new Uri("http://localhost:44322/connect/token"), "TestWebApp", "TestSecret");
var requestResponse = client.RequestAccessTokenUserName(model.Email, model.Password, "openid profile email");
这工作正常,我正在取回范围,但它们都是空白的。
如果您想在 Id 令牌中包含用户声明,您可以在客户端配置上将 AlwaysIncludeUserClaimsInIdToken 设置为 true。
return new[] {
new Client
{
ClientId = "TestWebApp",
ClientSecrets = new [] { new Secret("TestSecret".Sha256()) },
AllowedGrantTypes = GrantTypes.ResourceOwnerPasswordAndClientCredentials,
AllowedScopes = new List<string>{ StandardScopes.OpenId,
StandardScopes.Profile,StandardScopes.Email },
AlwaysIncludeUserClaimsInIdToken = true
}
};