我正在使用Identity Server 4和Implicit Flow,并且想要向访问令牌添加一些声明,新的声明或属性是"tenantId"和"langId".
我已将langId添加为我的范围之一,如下所示,然后通过身份服务器请求,但我也获得了tenantId.怎么会发生这种情况?
这是范围列表和客户端配置:
public IEnumerable<Scope> GetScopes()
{
return new List<Scope>
{
// standard OpenID Connect scopes
StandardScopes.OpenId,
StandardScopes.ProfileAlwaysInclude,
StandardScopes.EmailAlwaysInclude,
new Scope
{
Name="langId",
Description = "Language",
Type= ScopeType.Resource,
Claims = new List<ScopeClaim>()
{
new ScopeClaim("langId", true)
}
},
new Scope
{
Name = "resourceAPIs",
Description = "Resource APIs",
Type= ScopeType.Resource
},
new Scope
{
Name = "security_api",
Description = "Security APIs",
Type= ScopeType.Resource
},
};
}
客户:
return new List<Client>
{
new Client
{
ClientName = "angular2client", …c# jwt thinktecture-ident-server openid-connect identityserver4
我正在使用身份服务器4作为令牌服务的asp.net MVC应用程序.我有一个api,它有一些安全的资源.我想为api实现角色(授权).我想确保只有具有有效角色的授权资源才能访问api端点,否则会获得401(未经授权的错误).
这是我的配置:
客户
new Client()
{
ClientId = "mvcClient",
ClientName = "MVC Client",
AllowedGrantTypes = GrantTypes.HybridAndClientCredentials,
ClientSecrets = new List<Secret>()
{
new Secret("secret".Sha256())
},
RequireConsent = false;
// where to redirect to after login
RedirectUris = { "http://localhost:5002/signin-oidc" },
// where to redirect to after logout
PostLogoutRedirectUris = { "http://localhost:5002" },
AllowedScopes =
{
StandardScopes.OpenId.Name,
StandardScopes.Profile.Name,
StandardScopes.OfflineAccess.Name,
StandardScopes.Roles.Name,
"API"
}
}
领域
return new List<Scope>()
{
StandardScopes.OpenId, // subject id
StandardScopes.Profile, // first name, last name
StandardScopes.OfflineAccess, // requesting …