Asp.net core Identity Server 4 SignInAsync中附加LocalClaims的目的是什么

Asp.net core Identity Server 4 SignInAsync中附加LocalClaims的目的是什么,asp.net-core,identityserver4,claims,Asp.net Core,Identityserver4,Claims,在Identity Server 4的快速启动,ExternalController.cs-CallBack方法中,我发现了以下内容: // this allows us to collect any additonal claims or properties // for the specific prtotocols used and store them in the local auth cookie. // this is typically used to store data n

在Identity Server 4的快速启动,
ExternalController.cs
-
CallBack
方法中,我发现了以下内容:

// this allows us to collect any additonal claims or properties
// for the specific prtotocols used and store them in the local auth cookie.
// this is typically used to store data needed for signout from those protocols.
var additionalLocalClaims = new List<Claim>();
var localSignInProps = new AuthenticationProperties();
ProcessLoginCallbackForOidc(result, additionalLocalClaims, localSignInProps);

// issue authentication cookie for user
await HttpContext.SignInAsync(user.SubjectId, user.Username, provider, localSignInProps, additionalLocalClaims.ToArray());
additionalLocalClaims.Add(new Claim("TestName", "TestValue"));
但它从未出现在UserClaims或AccessToken中,即使ApiResource中包含ClaimType“TestName”

我想在AccessToken中为Google身份验证添加一些自定义声明/值,我认为AdditionalLocalClaimes是添加其他声明的正确方法


p.S.我最终实施了
IProfileService
,并可以返回额外的索赔。但是我仍然想知道
HttpContext.SignInAsync
扩展方法中的
additionalLocalClaims
的用例是什么。

ASP.NET Core中的HttpContext上有与身份验证相关的扩展方法,用于发布身份验证cookie并登录用户,您还可以向cookie中添加自定义Cliam,用于Identity Server 4的身份验证会话。例如,您可以添加注销所需的声明,某些外部身份验证提供程序可能会发出会话id声明,您可以通过
additionalLocalClaims
将其包含在本地身份验证cookie中,如果用户在您的标识服务器中注销,则可使用该选项从外部标识提供程序执行单次注销。但是声明保存在IDS4的本地身份验证cookie中,它们不在ID令牌、访问令牌和userinfo端点中。您可以实现
IProfileService
,正如您所说的,在令牌或userinfo端点中包含自定义声明