Add a claim to JWT as an array?


Question

Using the Thinktecture JWT authentication resource owner flow, I use the claims part of the JWT for client consumption. My question is whether it's possible to add a claim in the identity server and decode it as an array in the client.

There is no ClaimTypeValues for array type.

As a workaround,

var user = IdentityServerPrincipal.Create(response.UserName, response.UserName);
user.Identities.First().AddClaims(
    new List<Claim>()
    {
        new Claim(ClaimTypes.Name, response.UserName),
        new Claim(ClaimTypes.Email, response.Email),
        new Claim(FullName, response.FullName),
        new Claim(AuthorizedCompanies, JsonConvert.SerializeObject(response.AuthorizedCompanies))
    });
return new AuthenticateResult(user);

I add the claim as a JSON array to the claim for AuthorizedCompanies and parse it on the client side. What is the design pattern here, if any?

Recommended answer

Speaking from personal experience, it is easier to inter-op with claim stores when the ValueType is always type "String". Although it may seem counterintuitive when you know you are dealing with a complex type, it is at least simple to understand.

The way I have approached this need for an array is to have my application code expect multiple claims to be present for the claim type in question, and keep each claim value of a simple type.

Example:

var authorizeCompanies = identity.FindAll(AuthorizedCompanies).Select(c => c.Value);

And of course, you also add them that way:

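// ClaimsIdentity.AddClaim takes a Claim instance, so each value is wrapped in one.
identity.AddClaim(new Claim(ClaimTypes.Name, response.UserName));
identity.AddClaim(new Claim(AuthorizedCompanies, "CompanyX"));
identity.AddClaim(new Claim(AuthorizedCompanies, "CompanyY"));
identity.AddClaim(new Claim(AuthorizedCompanies, "CompanyZ"));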

IdentityServer supports this model out of the box. When generating a token for an identity such as this, it automatically writes the values for that claim out as an array.

{
    "aud": "Identity Server example/resources", 
    "iss": "Identity Server example", 
    "exp": 1417718816, 
    "sub": "1234",
    "scope": ["read", "write"], // <-- HERE
    "foo": ["bar", "baz"],      // <-- HERE TOO!
    "nbf": 1417632416
}

This approach to claims is in contrast to assuming all claims are a one-to-one mapping of type -> value.
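
The round trip described in the answer above, as an added example that is not part of the original post or of IdentityServer's code: the issuer side groups repeated claim types into one JSON member, and the client side reads that member back whether it arrived as a string or as an array, rejecting any other shape before the values are used for an authorization decision. The claim type name `authorized_companies`, the helper names, and the rule that a claim type occurring once is written as a plain string are assumptions.

```csharp
using System;
using System.Collections.Generic;
using System.Linq;
using System.Security.Claims;
using System.Text.Json;

static class MultiValueClaims
{
    // Hypothetical claim type name, standing in for the page's AuthorizedCompanies constant.
    const string AuthorizedCompanies = "authorized_companies";
    // Issuer side (hand-written stand-in for the token handler, an assumption):
    // a type that occurs once becomes a string, a repeated type becomes an array.
    static string ToPayloadJson(IEnumerable<Claim> claims)
    {
        var payload = new Dictionary<string, object>();
        foreach (var group in claims.GroupBy(c => c.Type))
        {
            var values = group.Select(c => c.Value).ToArray();
            payload[group.Key] = values.Length == 1 ? (object)values[0] : values;
        }
        return JsonSerializer.Serialize(payload);
    }
    // Client side: accept a string or an array of strings, fail closed on anything else.
    static IReadOnlyList<string> ReadValues(string payloadJson, string claimType)
    {
        using var doc = JsonDocument.Parse(payloadJson);
        if (!doc.RootElement.TryGetProperty(claimType, out var el))
            return Array.Empty<string>();
        switch (el.ValueKind)
        {
            case JsonValueKind.String:
                return new[] { el.GetString() };
            case JsonValueKind.Array when el.EnumerateArray().All(v => v.ValueKind == JsonValueKind.String):
                return el.EnumerateArray().Select(v => v.GetString()).ToArray();
            default:
                throw new FormatException($"Claim '{claimType}' must be a string or an array of strings.");
        }
    }

    static void Main()
    {
        // Constructed sample identity: one company first, then a second one.
        var identity = new ClaimsIdentity(new[] { new Claim(AuthorizedCompanies, "CompanyX") });
        var one = ToPayloadJson(identity.Claims);
        identity.AddClaim(new Claim(AuthorizedCompanies, "CompanyY"));
        var many = ToPayloadJson(identity.Claims);
        Console.WriteLine($"{one} -> {ReadValues(one, AuthorizedCompanies).Count} value(s)");
        Console.WriteLine($"{many} -> {ReadValues(many, AuthorizedCompanies).Count} value(s)");
    }
}
```

A client that always expects an array, or that treats the string form as a searchable blob, will mishandle users who have exactly one authorized company, which is why `ReadValues` normalizes both shapes to a list.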
