寻求确认，如果没有第二次调用服务器，IdentityServer 3不支持自定义声明

本文介绍了寻求确认，如果没有第二次调用服务器，IdentityServer 3不支持自定义声明的处理方法，对大家解决问题具有一定的参考价值，需要的朋友们下面随着小编来一起学习吧！

问题描述

在我看来，我无法向第一次调用Identity Server的响应添加自定义声明（特定于用户）。有人可以确认这个假设吗？

It appears to me that I cannot add a custom claim (that is user-specific) to the response of my first call to Identity Server. Can someone confirm that assumption?

这是我们在应用程序中所做的事情：
使用ResourceOwner Flow，我们的Web应用程序（服务器端）调用Identity Server发送

Here is what we are doing in our app:Using ResourceOwner Flow, our web app (server side) calls Identity Server sending the user's logonID and password and scopes.

我们返回一个JWT，其中包含标准声明，例如sub，idp，client_id；但我们想再添加一个。为简单起见，假设还有一个要求是用户的emailAddress。

We get back a JWT which contains the standard claims like sub, idp, client_id; but we would like to add one more. To simplify, let's say that one additional claim is the emailAddress of the user.

看来，我们必须再次调用Identity Server并获取新令牌。那是对的吗？

It appears that we must make another call to the Identity Server and get a new token. Is that correct? Isn't there some way we can get that value in the initial call?

推荐答案

很抱歉成为我自己的答案的人吗？问题，但我发现了如何使它生效。

Sorry to be the one to answer my own question, but I found out how to make this work.

创建自定义范围。确保类型= ScopeType.Resource，并且IncludeAllClaimsForUser = false，并向该范围中添加一个Claims集合，并将ScopeClaim的第二个参数设置为true。

添加

在IUserService覆盖中的AuthenticateLocalAsync中，确保将user.Claims作为对AuthenticateResult的调用中的第三个参数。

在您的IUserService覆盖中的GetProfileDataAsync中，添加以下代码：

Create a custom scope. Make sure that the Type = ScopeType.Resource, and that IncludeAllClaimsForUser = false, and add a collection of Claims to the scope, and set the second parameter of the ScopeClaim to true.
Add the custom scope to your client.
In your IUserService override, in AuthenticateLocalAsync, make sure to pass the user.Claims as the 3rd parameter in the call to AuthenticateResult.
In your IUserService override, in GetProfileDataAsync add the following code:

if (context.RequestedClaimTypes != null)
{
    List<Claim> newclaims = new List<Claim>();
    foreach (Claim claim in context.Subject.Claims)
    {
        if (context.RequestedClaimTypes.Contains(claim.Type))
        {
            newclaims.Add(claim);
        }
    }
    context.IssuedClaims = newclaims;
}
return Task.FromResult(context.IssuedClaims);

最后，要确保每次用户登录时均触发GetProfileDataAsync，而不仅仅是第一次，请确保您没有打开缓存。这可能意味着删除启动中的如下代码行：factory.ConfigureUserServiceCache（）。

Finally, to make sure that GetProfileDataAsync fires every time the user logs in, not just the first time, make sure that you do not have caching turned on. This probably means removing a line of code in your startup that looks like this: factory.ConfigureUserServiceCache().

这篇关于寻求确认，如果没有第二次调用服务器，IdentityServer 3不支持自定义声明的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持！