How can I add custom claims to be returned when requesting a token using OpenIddict?
Problem description
I'm building an ASP.NET Core 1.1 app (cross platform) and trying (using this sample) to add custom claims to the returned access_token when requesting the /connect/token endpoint.
What I need is to not only return the claims serialized in the access_token but to return them in the response like this:
{
    "token_type": "Bearer",
    "access_token": "...",
    "expires_in": 1799,
    "custom_claim": "..."
}
What I found on the internet is that I have to use AspNet.Security.OpenIdConnect.Server and write my provider in order to be able to do what I want.
Isn't there a simple way using the first sample?
I'm using OAuth 2.0, grant type Password and no JWT.
Not a requirement to not use JWT, it's just I used to OAuth in ASP.NET 4.5
Recommended answer
What I need is to not only return the claims serialized in the access_token but to return them in the response like this:
While I encourage you to store these claims in identity tokens - so that they can be easily read by the client in a completely standard way, it's possible in OpenIddict 1.0 and 2.0 RTM. For that, you have 2 options:
ticket.SetProperty("custom_claim" + OpenIddictConstants.PropertyTypes.String, user.Id);
Note: OpenIddictConstants.PropertyTypes.String is a special suffix indicating the authentication property added to the ticket can be exposed as part of the token response. Other constants are available if you prefer returning your claim as a JSON number or a more complex JSON structure.
services.AddOpenIddict()
    // Register the OpenIddict core services.
    .AddCore(options =>
    {
        // ...
    })
    // Register the OpenIddict server handler.
    .AddServer(options =>
    {
        // ...
        options.AddEventHandler<OpenIddictServerEvents.ApplyTokenResponse>(
            notification =>
            {
                if (string.IsNullOrEmpty(notification.Context.Error))
                {
                    var principal = notification.Context.Ticket.Principal;
                    var response = notification.Context.Response;
                    response["custom_claim"] = principal.FindFirst("your_claim_attached_to_the_principal").Value;
                }
                return Task.FromResult(OpenIddictServerEventState.Unhandled);
            });
    })
    // Register the OpenIddict validation handler.
    .AddValidation();
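An added example, not from the original answer or the OpenIddict project: the token response is plain JSON that the client reads directly, so this hypothetical TokenResponseClaims helper copies only allow-listed claims into it and skips a missing claim, where the handler above would throw on .Value. The mapping, the internal_role claim and the sample principal are constructed for illustration; only System.Security.Claims is used.

```csharp
using System;
using System.Collections.Generic;
using System.Security.Claims;

// Hypothetical helper (not part of OpenIddict): picks only allow-listed claims
// from the principal and maps them to token response parameter names.
public static class TokenResponseClaims
{
    // Assumed mapping: claim type on the principal -> response parameter name.
    private static readonly Dictionary<string, string> Exposed =
        new Dictionary<string, string>(StringComparer.Ordinal)
        {
            ["your_claim_attached_to_the_principal"] = "custom_claim"
        };

    public static Dictionary<string, string> Select(ClaimsPrincipal principal)
    {
        var result = new Dictionary<string, string>(StringComparer.Ordinal);
        if (principal == null) return result;

        foreach (var pair in Exposed)
        {
            // FindFirst returns null when the claim is absent: skip it instead
            // of dereferencing .Value and failing the whole token request.
            var claim = principal.FindFirst(pair.Key);
            if (claim != null && !string.IsNullOrEmpty(claim.Value))
                result[pair.Value] = claim.Value;
        }
        return result;
    }
}

public static class Program
{
    public static void Main()
    {
        // Constructed sample principal: one exposed claim, one that stays private.
        var identity = new ClaimsIdentity(new[]
        {
            new Claim("your_claim_attached_to_the_principal", "42"),
            new Claim("internal_role", "admin")
        }, "sample");

        // Inside the page's handler this loop would be: response[p.Key] = p.Value;
        foreach (var p in TokenResponseClaims.Select(new ClaimsPrincipal(identity)))
            Console.WriteLine(p.Key + " = " + p.Value);
    }
}
```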