ASP.NET MVC 4 IdentityServer3 - Hybrid Flow 不返回 profile 作用域
我已经按照教程配置了 IdentityServer3 和 MVC 4 客户端。当我将客户端配置为使用“隐式”(Implicit)流时,一切都按预期工作,并且返回了“profile”作用域,即我可以在声明(claims)中找到名(given name)和姓(family name)。下面是我的配置代码。

标签:asp.net-mvc-4, oauth, oauth-2.0, identityserver3, openid-connect

客户端和用户配置
/// <summary>
/// In-memory user store for the sample IdentityServer3 host.
/// </summary>
/// <remarks>
/// NOTE(review): the only account has a hard-coded, trivially guessable password.
/// That is acceptable for a local walkthrough only; anything reachable by other
/// people needs a real user service with properly stored credentials.
/// </remarks>
public static class Users
{
    /// <summary>Builds the demo user list that is passed to <c>UseInMemoryUsers</c>.</summary>
    /// <returns>A list holding one user, "Bob", with a given-name and a family-name claim.</returns>
    public static List<InMemoryUser> Get()
    {
        var bob = new InMemoryUser
        {
            Username = "Bob",
            Password = "password",
            Subject = "1",
            // The two claims the question expects to see once the "profile" scope is granted.
            Claims = new[]
            {
                new Claim(Constants.ClaimTypes.GivenName, "firstName"),
                new Claim(Constants.ClaimTypes.FamilyName, "lastName")
            }
        };

        return new List<InMemoryUser> { bob };
    }
}
/// <summary>
/// In-memory client registrations for the sample IdentityServer3 host (implicit-flow variant).
/// </summary>
public static class Clients
{
    /// <summary>Builds the client list that is passed to <c>UseInMemoryClients</c>.</summary>
    /// <returns>A single "MVC" client using the implicit flow.</returns>
    public static IEnumerable<Client> Get()
    {
        var mvcClient = new Client
        {
            ClientId = "MVC",
            ClientName = "MVC Client Name",
            // Only this exact URI is accepted as a redirect target for the client.
            RedirectUris = new List<string>
            {
                "https://localhost:44302/"
            },
            Flow = Flows.Implicit,
            // NOTE(review): this lets the client request every scope the server defines.
            // The client only asks for "openid profile", so listing those in AllowedScopes
            // would be the least-privilege setting — confirm before changing.
            AllowAccessToAllScopes = true
        };

        return new[] { mvcClient };
    }
}
/// <summary>
/// OWIN startup: hosts IdentityServer3 under <c>/identity</c> and registers the cookie and
/// OpenID Connect middleware for the MVC client in the same application.
/// </summary>
/// <param name="app">The OWIN application builder.</param>
public void Configuration(IAppBuilder app)
{
    // Swap the inbound claim-type map for an empty one; presumably so incoming claim
    // types keep their token names (given_name, family_name) instead of being remapped.
    JwtSecurityTokenHandler.InboundClaimTypeMap = new Dictionary<string, string>();

    app.Map("/identity", appBuilder =>
    {
        var identityServerOptions = new IdentityServer3.Core.Configuration.IdentityServerOptions
        {
            SiteName = "Site Name",
            SigningCertificate = LoadCertificate(),
            // NOTE(review): this allows the identity endpoints to be served over plain HTTP.
            // Every URL in this sample is already https, so the setting looks unnecessary;
            // keep SSL required anywhere beyond a local debugging session.
            RequireSsl = false,
            Factory = new IdentityServer3.Core.Configuration.IdentityServerServiceFactory()
                .UseInMemoryClients(Clients.Get())
                .UseInMemoryUsers(Users.Get())
                .UseInMemoryScopes(StandardScopes.All)
        };

        appBuilder.UseIdentityServer(identityServerOptions);
    });

    // Local sign-in cookie; the OpenID Connect middleware below signs in to this type.
    var cookieOptions = new Microsoft.Owin.Security.Cookies.CookieAuthenticationOptions
    {
        AuthenticationType = "Cookies"
    };
    app.UseCookieAuthentication(cookieOptions);

    // Implicit-flow request: only an id_token is asked for, with the openid and profile scopes.
    var openIdConnectOptions = new OpenIdConnectAuthenticationOptions
    {
        Authority = "https://localhost:44302/identity",
        ClientId = "MVC",
        RedirectUri = "https://localhost:44302/",
        ResponseType = "id_token",
        SignInAsAuthenticationType = "Cookies",
        Scope = "openid profile"
    };
    app.UseOpenIdConnectAuthentication(openIdConnectOptions);
}
/// <summary>
/// Hybrid-flow variant of the client registration; only <c>Flow</c> differs from the
/// implicit-flow version shown earlier on the page.
/// </summary>
/// <returns>A single "MVC" client using the hybrid flow.</returns>
public static IEnumerable<Client> Get()
{
    var hybridClient = new Client
    {
        ClientId = "MVC",
        ClientName = "MVC Client Name",
        RedirectUris = new List<string>
        {
            "https://localhost:44302/"
        },
        Flow = Flows.Hybrid,//Changed this to Hybrid
        // NOTE(review): no client secret is configured in this snippet; redeeming the
        // authorization code at the token endpoint would normally need one — confirm.
        // NOTE(review): the client may request every scope the server defines; an explicit
        // allowed-scope list would be the least-privilege choice.
        AllowAccessToAllScopes = true
    };

    return new[] { hybridClient };
}
// Hybrid-flow request. Per the answer on this page, once a code or token is requested the
// id_token carries only claims marked AlwaysInclude; the remaining profile claims have to be
// fetched from the userinfo endpoint with the access token.
// NOTE(review): including "token" returns the access token through the browser redirect;
// request "code id_token" instead if the front-channel token is not needed.
var hybridOptions = new OpenIdConnectAuthenticationOptions
{
    Authority = "https://localhost:44302/identity",
    ClientId = "MVC",
    RedirectUri = "https://localhost:44302/",
    ResponseType = "code id_token token", //Changed response type
    SignInAsAuthenticationType = "Cookies",
    Scope = "openid profile"
};
app.UseOpenIdConnectAuthentication(hybridOptions);
最后是简单的视图
@model IEnumerable<System.Security.Claims.Claim>
@* Debug-style view: prints the type and value of every claim in the model.
   Razor HTML-encodes the item.Type / item.Value expressions, so claim values are shown as text.
   Claims can carry personal data; keep a dump like this out of pages other users can reach. *@
@foreach (var item in Model)
{
<div>
<span>@item.Type</span>
<span>@item.Value</span>
</div>
}
@* NOTE(review): this closing tag has no matching opening div in the excerpt; presumably the wrapper element was cut off. *@
</div>
运行应用程序后,我可以看到 STS 返回了以下声明(claims)。
请注意,这一次缺少 given_name 和 family_name 声明。
我遗漏了什么吗?

当您只请求 id_token 时,用户的所有声明都包含在 id_token 中。当您更改请求以同时获取令牌(通过请求 code 或 token)时,id_token 中仅包含配置为“AlwaysInclude”的用户声明,其余声明必须使用您收到的访问令牌从用户信息(userinfo)端点检索。您可以使用 IdentityModel 库中的帮助器 API 轻松访问用户信息端点。我们的示例展示了如何做到这一点:

Hi @Brock Allen,谢谢。出于好奇,我添加了名为“testScope”的自定义作用域,并将其 Claims 属性设置为 List<ScopeClaim> { new ScopeClaim(IdentityServer3.Core.Constants.ClaimTypes.GivenName, alwaysInclude: true) },但在我的示例中仍然看不到“given_name”。在 OpenIdConnectAuthenticationOptions 中,我将 ResponseType 的值设置为“code id_token”,因为混合流需要这些选项。

我将作用域的类型更改为“Identity”,现在可以在声明中看到 GivenName。接下来,我们需要了解 ScopeType.Resource 和 ScopeType.Identity 之间的区别。

我在混合流上遇到了同样的问题。你是怎么解决的?
// Hybrid-flow request asking for an authorization code, an id_token and an access token.
// As explained on this page, the id_token then holds only AlwaysInclude claims; other
// profile claims come from the userinfo endpoint, called with the returned access token.
// NOTE(review): "token" in the response type delivers the access token via the browser;
// drop it unless the client really needs the token on the front channel.
var oidcOptions = new OpenIdConnectAuthenticationOptions
{
    Authority = "https://localhost:44302/identity",
    ClientId = "MVC",
    RedirectUri = "https://localhost:44302/",
    ResponseType = "code id_token token", //Changed response type
    SignInAsAuthenticationType = "Cookies",
    Scope = "openid profile"
};
app.UseOpenIdConnectAuthentication(oidcOptions);