WSO2 身份服务器未使用 OAuth/OpenID 返回请求的声明 [英] WSO2 Identity Server not returning requested claims with OAuth/OpenID

问题描述

我正在使用 WSO2 Identity Server 5.1.0 试用 OAuth/OpenID，但在返回我需要的声明时遇到了问题.我不确定我是否误解了这应该如何工作......

I'm trying out OAuth/OpenID with WSO2 Identity Server 5.1.0, but I'm having problems with returning the claims I need. I'm not sure if I'm misunderstanding how this should work...

我正在使用默认的居民身份提供者.

I'm using the default resident identity provider.

服务提供商的声明配置如下:

The service provider has the claims configured like this:

此 SP 的唯一其他配置是使用 OAuth2 的入站身份验证.

This only other configuration for this SP is inbound authentication with OAuth2.

当我使用 openid 范围获取此服务的 OAuth 令牌时，收到的 JWT 仅包含主题字段(在本例中为电子邮件地址).我还期望收到请求的声明，即角色.

When I get an OAuth token for this service using the openid scope, the JWT received only has the subject field (email address in this case). I was expecting to also receive the requested claims, i.e., roles.

这不是这样做的方法吗?如果没有，我怎样才能做到这一点?(注意:希望仅将其保留为 OAuth/OpenID).

Is this not the way to do it? If not, how can I achieve this? (note: was hoping to keep this to OAuth/OpenID only).

非常感谢任何帮助，因为我对此感到很困惑.

Any help is much appreciated, as I'm quite stumped with this.

推荐答案

目前，我们在尝试检索 OpenID 令牌中请求的声明时发现了某些限制.

Currently, we have identified certain limitations when trying to retrieve requested claims in an OpenID token.

不过，你可以试试下面的场景，

However, you can try out the below scenario,

1. 所以基本上你需要选择在 "http://wso2.org/oidc/claim" 方言到 "http://wso2.org/claims"方言(例如，我建议您尝试使用电子邮件、姓氏和国家/地区)

1. So basically you need to pick claims that have a mapping between the "http://wso2.org/oidc/claim" dialect to "http://wso2.org/claims" dialect (I would suggest you try out email, lastname and country for example)

确保在用户个人资料中填写声明值.

Make sure that the claim values are filled in the user profile.

使用授权码授权或隐式授权

通过使用 WSO2 Identity Server 测试包[1]，您应该能够成功检索声明以及带有您设置为主题声明 URI 的声明的子"声明

By using the WSO2 Identity Server beta pack[1] you should be able to successfully retrieve the claims as well as a 'sub' claim with the claim that you set as the Subject Claim URI

[1] https://github.com/wso2/product-is/releases/tag/v5.2.0-beta

这篇关于WSO2 身份服务器未使用 OAuth/OpenID 返回请求的声明的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！