C# Identity Server OAuth 2.0代码授予-如何在同意屏幕中请求自定义作用域的权限
我已经实现了Identity Server,它也在工作 我的一个客户机是MVC客户机,在身份验证期间,我想显示同意屏幕。为此,我在客户端配置中添加了'RequireConsent=true' 现在它显示了同意屏幕,但问题是,它只显示“openid”和“profile”范围的权限 我还有其他几个自定义作用域,如“Api1.read”、“Api1.write”,当Identity Server为concent屏幕构建视图模式时,这些作用域不会在授权请求时获取 我做错了什么。 在客户端上,AllowedScope包含= {'openid','profile','Api1.read','Api1.write'} 当它进入同意页面时,ApiResources和APIScope为空,但openid和profile在IdentityResources中可用 这就是我在启动时配置IdentityServer的方式C# Identity Server OAuth 2.0代码授予-如何在同意屏幕中请求自定义作用域的权限,c#,asp.net-core,oauth-2.0,identityserver4,C#,Asp.net Core,Oauth 2.0,Identityserver4,我已经实现了Identity Server,它也在工作 我的一个客户机是MVC客户机,在身份验证期间,我想显示同意屏幕。为此,我在客户端配置中添加了'RequireConsent=true' 现在它显示了同意屏幕,但问题是,它只显示“openid”和“profile”范围的权限 我还有其他几个自定义作用域,如“Api1.read”、“Api1.write”,当Identity Server为concent屏幕构建视图模式时,这些作用域不会在授权请求时获取 我做错了什么。 在客户端上,Allowe
services.AddIdentityServer(options =>
{
options.Authentication.CookieLifetime = TimeSpan.FromSeconds(config.IdentityServerCookieLifetime);
})
.AddDeveloperSigningCredential()
.AddCorsPolicyService<MyCORSPolicy>()
.AddResourceStore<MyResourceStore>()
.AddClientStore<MyClientStore>()
.AddProfileService<ProfileService>()
.AddDeveloperSigningCredential();
这是我的ResourceStore实现
public class MyResourceStore : IResourceStore
{
private readonly IConfiguration config;
private readonly string connectionString;
public MyResourceStore(IConfiguration config)
{
this.config = config;
this.connectionString = config.GetConnectionString("AuthConfigDatabase");
}
public async Task<IEnumerable<IdentityServer4.Models.ApiResource>> FindApiResourcesByNameAsync(IEnumerable<string> apiResourceNames)
{
var apis = SqlHelper.Query<AuthApiResources>($"SELECT * FROM AuthApiResources WHERE Name='{apiResourceNames}' AND IsActive=1", connectionString);
if (apis != null)
{
var result = new List<IdentityServer4.Models.ApiResource>();
foreach (var api in apis)
{
var availableScopes = new List<string>() { "openid", "profile" };
availableScopes.AddRange(api.SupportedScopes.Split(",").ToList());
result.Add(new IdentityServer4.Models.ApiResource
{
Name = api.Name,
DisplayName = api.DisplayName,
Scopes = availableScopes
});
}
return result;
}
return null;
}
public async Task<IEnumerable<IdentityServer4.Models.ApiResource>> FindApiResourcesByScopeNameAsync(IEnumerable<string> scopesList)
{
var scopeNames = scopesList.ToList();
var likeStatements = "";
for (var i = 0; i < scopeNames.Count(); i++)
{
if (i == scopeNames.Count() - 1)
{
likeStatements += $"SupportedScopes LIKE '%{scopeNames[i]}%'";
}
else
{
likeStatements += $"SupportedScopes LIKE '%{scopeNames[i]}%' OR ";
}
}
var apis = SqlHelper.Query<AuthApiResources>($"SELECT * FROM AuthApiResources WHERE ({likeStatements}) AND IsActive=1", connectionString);
if (apis != null)
{
var result = new List<IdentityServer4.Models.ApiResource>();
foreach (var api in apis)
{
var availableScopes = new List<string>() { "openid", "profile" };
availableScopes.AddRange(api.SupportedScopes.Split(",").ToList());
result.Add(new IdentityServer4.Models.ApiResource
{
Name = api.Name,
DisplayName = api.DisplayName,
Scopes = availableScopes
});
}
return result;
}
return null;
}
public async Task<IEnumerable<ApiScope>> FindApiScopesByNameAsync(IEnumerable<string> scopesList)
{
var scopeNames = scopesList.ToList();
var likeStatements = "";
for (var i = 0; i < scopeNames.Count(); i++)
{
if (i == scopeNames.Count() - 1)
{
likeStatements += $"ScopeName='{scopeNames[i]}'";
}
else
{
likeStatements += $"ScopeName='{scopeNames[i]}' OR ";
}
}
var scopes = SqlHelper.Query<AuthScope>($"SELECT * FROM AuthScopes WHERE ({likeStatements})", connectionString);
if (scopes != null)
{
var result = new List<IdentityServer4.Models.ApiScope>();
foreach (var scope in scopes)
{
result.Add(new IdentityServer4.Models.ApiScope
{
Name = scope.ScopeName,
DisplayName = scope.ScopeDescription
});
}
return result;
}
return null;
}
public async Task<IEnumerable<IdentityResource>> FindIdentityResourcesByScopeNameAsync(IEnumerable<string> scopeNames)
{
return new List<IdentityResource>
{
new IdentityResources.OpenId(),
new IdentityResources.Profile()
};
}
public async Task<Resources> GetAllResourcesAsync()
{
var allResources = new Resources();
allResources.IdentityResources =
new List<IdentityResource>
{
new IdentityResources.OpenId(),
new IdentityResources.Profile()
};
var apis = SqlHelper.Query<AuthApiResources>($"SELECT * FROM AuthApiResources WHERE IsActive=1", connectionString);
if (apis != null)
{
var result = new List<IdentityServer4.Models.ApiResource>();
foreach (var api in apis)
{
var availableScopes = new List<string>() { "openid", "profile" };
availableScopes.AddRange(api.SupportedScopes.Split(",").ToList());
result.Add(new IdentityServer4.Models.ApiResource
{
Name = api.Name,
DisplayName = api.DisplayName,
Scopes = availableScopes
});
}
allResources.ApiResources = result;
}
var scopes = SqlHelper.Query<AuthScope>($"SELECT * FROM AuthScopes", connectionString);
if (scopes != null)
{
var result = new List<IdentityServer4.Models.ApiScope>();
foreach (var scope in scopes)
{
result.Add(new IdentityServer4.Models.ApiScope
{
Name = scope.ScopeName,
DisplayName = scope.ScopeDescription
});
}
allResources.ApiScopes = result;
}
return allResources;
}
}
公共类MyResourceStore:IResourceStore
{
私有只读IConfiguration配置;
私有只读字符串连接字符串;
公共MyResourceStore(IConfiguration配置)
{
this.config=config;
this.connectionString=config.GetConnectionString(“AuthConfigDatabase”);
}
公共异步任务FindApiResourcesByNameAsync(IEnumerable apiResourceNames)
{
var api=SqlHelper.Query
我做错了什么在您的客户机中,在AddOpenIdConnect方法中,您还需要定义您想要访问的作用域,例如:
.AddOpenIdConnect(options =>
{
...
options.Scope.Clear();
options.Scope.Add("openid");
options.Scope.Add("profile");
options.Scope.Add("email");
options.Scope.Add("employee_info");
...
}
请将如何配置AddOpenIDConnect添加到问题中。@ToreNestenius Added Startup.cs configurational因此,添加如何在客户端MVC端配置AddOpenIDConnect添加到原始问题是在MVC端添加作用域后工作
.AddOpenIdConnect(options =>
{
...
options.Scope.Clear();
options.Scope.Add("openid");
options.Scope.Add("profile");
options.Scope.Add("email");
options.Scope.Add("employee_info");
...
}