WSO2 Identity Server not returning requested claims with OAuth/OpenID


Problem description

I'm trying out OAuth/OpenID with WSO2 Identity Server 5.1.0, but I'm having problems with returning the claims I need. I'm not sure if I'm misunderstanding how this should work...

I'm using the default resident identity provider.

The service provider has the claims configured like this:

<img src="https://i.stack.imgur.com/UWWUA.png" alt="enter image description here">

The only other configuration for this SP is inbound authentication with OAuth2.

When I get an OAuth token for this service using the openid scope, the JWT received only has the subject field (email address in this case). I was expecting to also receive the requested claims, i.e., roles.

Is this not the way to do it? If not, how can I achieve this? (note: was hoping to keep this to OAuth/OpenID only).

Any help is much appreciated, as I'm quite stumped with this.

Recommended answer

Currently, we have identified certain limitations when trying to retrieve requested claims in an OpenID token.

However, you can try out the below scenario,

  1. So basically you need to pick claims that have a mapping between the "http://wso2.org/oidc/claim" dialect and the "http://wso2.org/claims" dialect (I would suggest you try out email, lastname and country, for example)

Make sure that the claim values are filled in the user profile.

Use the authorization code grant or the implicit grant.

By using the WSO2 Identity Server beta pack[1] you should be able to successfully retrieve the claims as well as a 'sub' claim with the claim that you set as the Subject Claim URI

[1] https://github.com/wso2/product-is/releases/tag/v5.2.0-beta
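
A quick way to confirm which claims an ID token actually carries, as in the question where only the subject came back. This is an added example, not code from the original post or from WSO2; the tokens are constructed samples, and the claim names `email`, `family_name` and `country` are assumed OIDC-side names for the claims suggested in the answer.

```python
import base64
import json

# Protocol-level claims defined by JWT/OIDC; everything else is a user attribute.
PROTOCOL_CLAIMS = {"iss", "sub", "aud", "exp", "iat", "nbf", "jti", "nonce",
                   "azp", "auth_time", "acr", "amr", "at_hash", "c_hash"}

def _b64url_decode(segment):
    # JWT segments are unpadded base64url; restore padding before decoding.
    return base64.urlsafe_b64decode(segment + "=" * (-len(segment) % 4))

def id_token_claims(id_token):
    """Decode the payload of a compact JWS for inspection only.
    The signature is NOT verified, so never base access decisions on this."""
    parts = id_token.split(".")
    if len(parts) != 3:
        raise ValueError("expected header.payload.signature")
    payload = json.loads(_b64url_decode(parts[1]))
    if not isinstance(payload, dict):
        raise ValueError("payload is not a JSON object")
    return payload

def claim_report(id_token, expected):
    """List the user claims present in the token and the expected ones missing."""
    claims = id_token_claims(id_token)
    return {
        "sub": claims.get("sub"),
        "user_claims": sorted(set(claims) - PROTOCOL_CLAIMS),
        "missing": sorted(set(expected) - set(claims)),
    }

def make_sample_token(payload):
    # Constructed sample: placeholder signature, not a real server response.
    enc = lambda o: base64.urlsafe_b64encode(json.dumps(o).encode()).rstrip(b"=").decode()
    return ".".join([enc({"alg": "RS256", "typ": "JWT"}), enc(payload), "c2ln"])

# Symptom from the question: only the subject comes back.
SUB_ONLY = make_sample_token({"iss": "https://idp.example/oauth2/token",
                              "sub": "user@example.com", "aud": ["client-id"],
                              "iat": 1460000000, "exp": 1460003600})
# What the answer's suggestion should yield (claim names are assumptions).
WITH_CLAIMS = make_sample_token({"iss": "https://idp.example/oauth2/token",
                                 "sub": "user@example.com", "aud": ["client-id"],
                                 "iat": 1460000000, "exp": 1460003600,
                                 "email": "user@example.com",
                                 "family_name": "Doe", "country": "NL"})

if __name__ == "__main__":
    print(claim_report(SUB_ONLY, ["roles"]))
    print(claim_report(WITH_CLAIMS, ["email", "family_name", "country"]))
```

An empty `user_claims` list alongside a populated `missing` list reproduces the situation described in the question.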
