How can I add claims to a JWT assigned with auth0 for a machine-to-machine application type?

Problem description

I am using auth0 as the OIDC provider for single sign-on.

So far I have tried to log in with two application types: on the one hand a native application type, on the other hand a machine-to-machine application type.

However, when I log in I only receive a very simple id_token with the following payload:

{
  "https://example.com/roles": ["user"],
  "iss": "https://my.idp.provider.com",
  "sub": "oauth2|someconnection|sampl|somecompany|someusername",
  "aud": "removed",
  "iat": 1547652649,
  "exp": 1547688649
}

I want to add a group claim to this token. How can I configure my Auth0 tenant to add "group": "admin" as claims? Do I need to enable a particular scope in my authentication client to receive the groups claim?

I have installed and configured the Authorization Extension in auth0 but that did not have any effect on the claims in my token. I know that the Authorization Extension does not support machine-to-machine applications. Therefore, I added the native application and tried to login with that, but that also did not return any additional claims.

Solution

After configuring the Authorization extension, you can add custom claims to the issued JWT tokens from Rules. There's a sample rule here that does the job: https://auth0.com/docs/extensions/authorization-extension/v2/rules#add-custom-claims-to-the-issued-token

You can customize the Client Credentials token as well using the Hook: https://auth0.com/docs/api-auth/tutorials/client-credentials/customize-with-hooks

EDIT: OIDC Conformant Apps require you to define the namespace because Authorization data such as roles and groups are not OIDC claims.
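As an added example that is not part of the original question or answer, and not code from Auth0's documentation, the following puts the answer's two pieces together: a Rule that copies the groups and roles the Authorization Extension has already put on the user object into the id_token under a URL namespace, and a Client Credentials Exchange Hook that adds a namespaced group claim to a machine-to-machine access token, where there is no user to read groups from. The Rule and Hook signatures are Auth0's; the namespace https://example.com/, the client metadata key `group`, the sample user and client, and the `simulate*` harness functions are assumptions constructed for this example. The namespace check enforces the point made in the EDIT: a claim that is not namespaced with a URL is silently dropped from the token on an OIDC-conformant tenant, so the example fails loudly instead.

```javascript
// Added example (not from the original post or from Auth0's docs): an Auth0
// Rule and a Client Credentials Exchange Hook that add namespaced group/role
// claims, plus a local harness to run them against constructed input.

const NAMESPACE = 'https://example.com/'; // constructed; use your own URL

// Auth0 reserves auth0.com, webtask.io and webtask.run as namespaces, and an
// OIDC-conformant tenant silently drops custom claims that are not prefixed
// with a URL. Reject such a namespace here rather than ship a claim that
// never shows up in the token.
const RESERVED = ['auth0.com', 'webtask.io', 'webtask.run'];

function namespacedClaim(namespace, name) {
  let host;
  try {
    host = new URL(namespace).hostname;
  } catch (e) {
    throw new Error('claim namespace must be a URL: ' + namespace);
  }
  if (RESERVED.some((r) => host === r || host.endsWith('.' + r))) {
    throw new Error('claim namespace must not be an Auth0 domain: ' + namespace);
  }
  return namespace.endsWith('/') ? namespace + name : namespace + '/' + name;
}

// Rule body (paste into an Auth0 Rule as `function (user, context, callback)`).
// The Authorization Extension's own rule runs first and populates
// user.groups / user.roles; this rule only copies them into the tokens.
function addAuthorizationClaims(user, context, callback) {
  const groups = Array.isArray(user.groups) ? user.groups : [];
  const roles = Array.isArray(user.roles) ? user.roles : [];
  context.idToken = context.idToken || {};
  context.accessToken = context.accessToken || {};
  context.idToken[namespacedClaim(NAMESPACE, 'groups')] = groups;
  context.idToken[namespacedClaim(NAMESPACE, 'roles')] = roles;
  // APIs validate the access token, not the id_token, so copy groups there too.
  context.accessToken[namespacedClaim(NAMESPACE, 'groups')] = groups;
  callback(null, user, context);
}

// Hook body (in the Auth0 Hook editor this function is assigned to
// module.exports). A client_credentials grant has no user, so the group is
// read from the application's client metadata (key `group`, an assumed
// convention for this example).
function clientCredentialsHook(client, scope, audience, context, cb) {
  const accessToken = { scope: scope };
  const metadata = client.metadata || {};
  if (typeof metadata.group === 'string' && metadata.group.length > 0) {
    accessToken[namespacedClaim(NAMESPACE, 'group')] = metadata.group;
  }
  cb(null, accessToken);
}

// Local harness (constructed): run the Rule / Hook synchronously and return
// the token claims they would produce.
function simulateLogin(user) {
  let result = null;
  addAuthorizationClaims(user, { idToken: {}, accessToken: {} }, (err, u, ctx) => {
    if (err) throw err;
    result = ctx;
  });
  return result;
}

function simulateClientCredentials(client, scope, audience) {
  let result = null;
  clientCredentialsHook(client, scope, audience, {}, (err, token) => {
    if (err) throw err;
    result = token;
  });
  return result;
}

// Constructed sample input: a user as the Authorization Extension would
// decorate it, and an M2M client carrying a group in its metadata.
const sampleUser = { roles: ['user'], groups: ['admin'] };
const sampleClient = { name: 'backend-worker', metadata: { group: 'admin' } };

if (typeof require !== 'undefined' && require.main === module) {
  console.log(JSON.stringify(simulateLogin(sampleUser).idToken, null, 2));
  console.log(JSON.stringify(
    simulateClientCredentials(sampleClient, 'read:things', 'https://api.example.com'), null, 2));
}
```

Running the block prints an id_token payload carrying `https://example.com/groups` and `https://example.com/roles`, and an M2M access token payload carrying `https://example.com/group`; a bare `group` key never reaches the token, which is the behaviour the EDIT warns about.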
