How can I add custom claims to be returned when requesting a token using OpenIddict?

Question

I'm building an ASP.NET Core 1.1 app (cross platform) and trying (using this sample) to add custom claims to the returned access_token when requesting the /connect/token endpoint.
What I need is to not only return the claims serialized in the access_token but to return them in the response like this:

{
 "token_type": "Bearer",
 "access_token": "...",
 "expires_in": 1799,
 "custom_claim": "..."
}

What I found on the internet is that I have to use AspNet.Security.OpenIdConnect.Server and write my provider in order to be able to do what I want.
Isn't there a simple way using the first sample?
I'm using OAuth 2.0, grant type Password and no JWT.
Not a requirement to not use JWT, it's just that I'm used to OAuth in ASP.NET 4.5

Recommended answer

What I need is to not only return the claims serialized in the access_token but to return them in the response like this:

While I encourage you to store these claims in identity tokens - so that they can be easily read by the client in a completely standard way, it's possible in OpenIddict 1.0 and 2.0 RTM. For that, you have 2 options:

ticket.SetProperty("custom_claim" + OpenIddictConstants.PropertyTypes.String, user.Id);

Note: OpenIddictConstants.PropertyTypes.String is a special suffix indicating the authentication property added to the ticket can be exposed as part of the token response. Other constants are available if you prefer returning your claim as a JSON number or a more complex JSON structure.

services.AddOpenIddict()

    // Register the OpenIddict core services.
    .AddCore(options =>
    {
        // ...
    })

    // Register the OpenIddict server handler.
    .AddServer(options =>
    {
        // ...

        options.AddEventHandler<OpenIddictServerEvents.ApplyTokenResponse>(
            notification =>
            {
                if (string.IsNullOrEmpty(notification.Context.Error))
                {
                    var principal = notification.Context.Ticket.Principal;
                    var response = notification.Context.Response;
                    response["custom_claim"] = principal.FindFirst("your_claim_attached_to_the_principal").Value;
                }

                return Task.FromResult(OpenIddictServerEventState.Unhandled);
            });
    })

    // Register the OpenIddict validation handler.
    .AddValidation();
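
Added example (not part of the original answer, and not OpenIddict's own code): a ticket factory for the password grant that combines the identity-token route the answer recommends with the public-property route it shows. It assumes the OpenIddict 2.0 RTM packages; the class name, the "custom_claim" claim type and the userId parameter are hypothetical. Anything placed in the token response is readable by the client, so only expose values the client is allowed to see.

```csharp
using System.Linq;
using System.Security.Claims;
using AspNet.Security.OpenIdConnect.Extensions;
using AspNet.Security.OpenIdConnect.Primitives;
using Microsoft.AspNetCore.Authentication;
using OpenIddict.Abstractions;
using OpenIddict.Server;

// Hypothetical helper: builds the ticket that the token endpoint action
// passes to SignIn(...) after the user's credentials have been validated.
public static class TokenTicketFactory
{
    // Assumed claim type; replace with the claim attached to your principal.
    private const string CustomClaimType = "custom_claim";

    // Default security stamp claim type used by ASP.NET Core Identity.
    private const string SecurityStampClaimType = "AspNet.Identity.SecurityStamp";

    public static AuthenticationTicket Create(
        OpenIdConnectRequest request, ClaimsPrincipal principal, string userId)
    {
        var ticket = new AuthenticationTicket(principal,
            new AuthenticationProperties(),
            OpenIddictServerDefaults.AuthenticationScheme);

        // An identity token is only issued when the "openid" scope is granted.
        ticket.SetScopes(new[] { OpenIdConnectConstants.Scopes.OpenId }
            .Intersect(request.GetScopes()));

        foreach (var claim in ticket.Principal.Claims)
        {
            // Claims without a destination are not serialized into any token,
            // so skipping the security stamp keeps it on the server.
            if (claim.Type == SecurityStampClaimType)
                continue;

            if (claim.Type == CustomClaimType)
                claim.SetDestinations(
                    OpenIdConnectConstants.Destinations.AccessToken,
                    OpenIdConnectConstants.Destinations.IdentityToken);
            else
                claim.SetDestinations(OpenIdConnectConstants.Destinations.AccessToken);
        }

        // The suffix marks the property as a string exposed in the token response.
        ticket.SetProperty("custom_claim" + OpenIddictConstants.PropertyTypes.String, userId);
        return ticket;
    }
}
```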
