IdentityServer4:为Client_Credential Granttype的客户端主体添加自定义默认声明 [英] IdentityServer4: Add Custom default Claim to Client Principal for Client_Credential Granttype
问题描述
我正在使用IdentityServer4,并且试图在创建令牌时向我的CLIENT
添加自定义默认声明.如果我使用隐式流和如下所示的IProfileService
,这是可能的.
I am using IdentityServer4 and I am trying to add a custom default claim to my CLIENT
when the token is created. This is possible if i use the implicit flow and IProfileService
like shown below.
public class MyProfileService : IProfileService
{
public MyProfileService()
{
}
public Task GetProfileDataAsync(ProfileDataRequestContext context)
{
var claims = new List<Claim>
{
new Claim("DemoClaimType", "DemoClaimValue")
};
context.IssuedClaims = claims;
return Task.FromResult(0);
}
public Task IsActiveAsync(IsActiveContext context)
{
context.IsActive = true;
return Task.FromResult(0);
}
}
在我的创业公司
services.AddIdentityServer()
.AddProfileService<MyProfileService>()
但是,这对于具有client_credential授予类型的客户端不起作用,因为它似乎是cannot request OpenID scopes in client credentials flow
.事实证明,Iprofileservice就像名称所暗示的那样适用于Identity
资源,其中像profile一样的OpenId范围有效.因为无法请求具有client_credential授予类型GetProfileDataAsync
的概要文件作用域,所以永远不会被调用.
However this does not work with my client with client_credential granttype since it seems cannot request OpenID scopes in client credentials flow
. It turns out Iprofileservice like the name implies works for Identity
Resources where the OpenId scopes like profile is valid. since am unable to request profile scopes with client_credential grant type GetProfileDataAsync
never gets called.
由于仅与客户一起使用,没有用户,因此我需要一种将声明注入令牌的方法,而不必像下面那样将它们添加到客户端对象中
Since am working only with clients and no users I need a way to inject claims into the token without having to add them to the client object like below
new Client
{
ClientId = "myclient",
ClientName = "My Client",
AllowedGrantTypes = GrantTypes.ClientCredentials,
ClientSecrets = {new Secret("secret".Sha256())},
AllowedScopes = new List<string> {"api"},
AllowOfflineAccess = true,
//I Don't want to do this
Claims = new List<Claim>
{
new Claim("type","value")
}
}
我不希望出现上述情况,因为我不希望该声明成为数据库中client_claims的一部分.我需要即时创建令牌请求.我希望我的问题现在已经清楚了.
I do not want the above because i do not want the the claim to be part of the client_claims in the database. I need to create it on the fly on token request. I hope my question is clearer now.
推荐答案
通过一些查询,我终于找到了解决方法.我需要一种在请求令牌时向客户端动态添加声明的方法.
With some inquiries I finally found out how to do this. I needed a way to add claims dynamically to the client when token was requested.
为此,我必须扩展ICustomTokenRequestValidator
,然后通过完全依赖注入将我的类包含在Startup.cs中.
In order to do that I had to extend ICustomTokenRequestValidator
and then include my class in Startup.cs thorough dependency injection
public class DefaultClientClaimsAdder : ICustomTokenRequestValidator
{
public Task ValidateAsync(CustomTokenRequestValidationContext context)
{
context.Result.ValidatedRequest.Client.AlwaysSendClientClaims = true;
context.Result.ValidatedRequest.ClientClaims.Add(new Claim("testtoken","testbody"))
return Task.FromResult(0);
}
}
在Startup.cs中配置服务
Configure services in Startup.cs
services.AddTransient<ICustomTokenRequestValidator, DefaultClientClaimsAdder>();
这篇关于IdentityServer4:为Client_Credential Granttype的客户端主体添加自定义默认声明的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!