How to include claims only in id_token but not in access_token IdentityServer4


Question

I'm using Identity Server 4 and the Implicit grant type. I have an SPA, which makes an authorize request to IS4 with response_type: 'id_token token'. I have a simple implementation of IProfileService with a GetProfileDataAsync method:

public virtual Task GetProfileDataAsync(ProfileDataRequestContext context)
{
    context.AddRequestedClaims(context.Subject.Claims);

    context.IssuedClaims.Add(new Claim("custom1", "custom1"));

    context.IssuedClaims.Add(new Claim("custom2", "custom2"));

    return Task.CompletedTask;
}

And it's OK, I receive an access_token and an id_token. But they both contain my custom claims. How can I include only the "custom1" claim in the access_token, but both the "custom1" and "custom2" claims in the id_token?

Recommended answer

OK, thanks to Ruard van Elburg, I was able to do it. The correct answer is:

  • For the access token: Context.Caller = ClaimsProviderAccessToken
  • For the identity token: Context.Caller = ClaimsProviderIdentityToken
  • For the userinfo endpoint: Context.Caller = UserInfoEndpoint

And the code:

public Task GetProfileDataAsync(ProfileDataRequestContext context)
{
    context.AddRequestedClaims(context.Subject.Claims);

    // Add claims to access token
    if (context.Caller == "ClaimsProviderAccessToken")
    {
        context.IssuedClaims.Add(new Claim("custom1", "custom1"));
    }

    // Add identity token claims
    if (context.Caller == "ClaimsProviderIdentityToken")
    {
        context.IssuedClaims.Add(new Claim("custom1", "custom1"));

        context.IssuedClaims.Add(new Claim("custom2", "custom2"));
    }

    // Add userinfo endpoint claims
    if (context.Caller == "UserInfoEndpoint")
    {
        context.IssuedClaims.Add(new Claim("custom1", "custom1"));

        context.IssuedClaims.Add(new Claim("custom2", "custom2"));
    }

    return Task.CompletedTask;
}
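A way to confirm the claim split from the client side, as an added example that is not part of the original question or answer: it decodes both tokens under Node.js and reports any claim that is missing or has leaked into the wrong token. It assumes the access token is a JWT (IdentityServer4's default access token type); the function names, the `POLICY` table and the sample tokens are constructed for illustration.

```javascript
// Added example: inspection only. The payload is decoded WITHOUT verifying
// the signature, so never use this to decide whether to trust a token.
function decodeJwtPayload(jwt) {
  const parts = jwt.split('.');
  if (parts.length !== 3) throw new Error('not a compact JWT (reference token?)');
  const b64 = parts[1].replace(/-/g, '+').replace(/_/g, '/'); // base64url -> base64
  return JSON.parse(Buffer.from(b64, 'base64').toString('utf8'));
}

// Claim split asked for in the question.
const POLICY = {
  access_token: { required: ['custom1'], forbidden: ['custom2'] },
  id_token: { required: ['custom1', 'custom2'], forbidden: [] },
};

// Returns a list of violations; an empty list means the split is as intended.
function checkClaimSplit(tokens, policy = POLICY) {
  const problems = [];
  for (const [kind, rule] of Object.entries(policy)) {
    const payload = decodeJwtPayload(tokens[kind]);
    for (const c of rule.required) {
      if (!(c in payload)) problems.push(`${kind}: missing ${c}`);
    }
    for (const c of rule.forbidden) {
      if (c in payload) problems.push(`${kind}: unexpected ${c}`);
    }
  }
  return problems;
}

// Constructed sample tokens (dummy signature), standing in for the values the
// SPA reads from the authorize response fragment.
function makeSampleJwt(payload) {
  const enc = (o) => Buffer.from(JSON.stringify(o)).toString('base64')
    .replace(/\+/g, '-').replace(/\//g, '_').replace(/=+$/, '');
  return `${enc({ alg: 'RS256', typ: 'JWT' })}.${enc(payload)}.constructed-signature`;
}

const both = { sub: 'constructed-user', custom1: 'custom1', custom2: 'custom2' };
const onlyFirst = { sub: 'constructed-user', custom1: 'custom1' };

// Question's profile service: both tokens carry both claims.
const before = { access_token: makeSampleJwt(both), id_token: makeSampleJwt(both) };
// Answer's profile service: custom2 stays out of the access token.
const after = { access_token: makeSampleJwt(onlyFirst), id_token: makeSampleJwt(both) };

console.log(checkClaimSplit(before)); // [ 'access_token: unexpected custom2' ]
console.log(checkClaimSplit(after));  // []
```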
