How to include claims only in id_token but not in access_token IdentityServer4
Problem description
I'm using Identity Server 4 and the Implicit grant type. I have an SPA, which makes an authorize request to IS4 with response_type: 'id_token token'. I have a simple implementation of IProfileService with the GetProfileDataAsync method:
    public virtual Task GetProfileDataAsync(ProfileDataRequestContext context)
    {
        context.AddRequestedClaims(context.Subject.Claims);
        context.IssuedClaims.Add(new Claim("custom1", "custom1"));
        context.IssuedClaims.Add(new Claim("custom2", "custom2"));
        return Task.CompletedTask;
    }
And it's OK, I receive an access_token and an id_token. But they both contain my custom claims. How can I include only the "custom1" claim in the access_token, but both the "custom1" and "custom2" claims in the id_token?
Recommended answer
OK, thanks to Ruard van Elburg, I was able to do it. The correct answer is:
- For the access token: Context.Caller = ClaimsProviderAccessToken
- For the identity token: Context.Caller = ClaimsProviderIdentityToken
- For the userinfo endpoint: Context.Caller = UserInfoEndpoint
And the code:
    public Task GetProfileDataAsync(ProfileDataRequestContext context)
    {
        context.AddRequestedClaims(context.Subject.Claims);
        // Add claims to access token
        if (context.Caller == "ClaimsProviderAccessToken")
        {
            context.IssuedClaims.Add(new Claim("custom1", "custom1"));
        }
        // Add identity token claims
        if (context.Caller == "ClaimsProviderIdentityToken")
        {
            context.IssuedClaims.Add(new Claim("custom1", "custom1"));
            context.IssuedClaims.Add(new Claim("custom2", "custom2"));
        }
        // Add userinfo endpoint claims
        if (context.Caller == "UserInfoEndpoint")
        {
            context.IssuedClaims.Add(new Claim("custom1", "custom1"));
            context.IssuedClaims.Add(new Claim("custom2", "custom2"));
        }
        return Task.CompletedTask;
    }
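The claim split can be checked from the SPA side by decoding both tokens returned in the redirect fragment for response_type 'id_token token'. This is an added example, not part of the original question or answer; the function names, the policy object and the sample tokens are constructed for illustration, and the code inspects payloads without verifying signatures.

```javascript
// Added example: audit which claims each token of an implicit-flow response carries.
// Payloads are decoded for inspection only; signatures are NOT verified here.

// Decode the payload (second segment) of a compact JWT.
function decodeJwtPayload(jwt) {
  const parts = jwt.split(".");
  if (parts.length !== 3) throw new Error("not a compact JWS");
  const b64 = parts[1].replace(/-/g, "+").replace(/_/g, "/");
  return JSON.parse(Buffer.from(b64, "base64").toString("utf8"));
}

// Parse '#id_token=...&access_token=...' from the redirect URI fragment.
function parseFragment(fragment) {
  const p = new URLSearchParams(fragment.replace(/^#/, ""));
  return { id_token: p.get("id_token"), access_token: p.get("access_token") };
}

// policy (hypothetical shape): { <token name>: { required: [...], forbidden: [...] } }
function auditClaims(fragment, policy) {
  const tokens = parseFragment(fragment);
  const findings = [];
  for (const [name, rule] of Object.entries(policy)) {
    if (!tokens[name]) { findings.push(`${name}: missing from response`); continue; }
    const claims = decodeJwtPayload(tokens[name]);
    for (const c of rule.required) if (!(c in claims)) findings.push(`${name}: missing claim ${c}`);
    for (const c of rule.forbidden) if (c in claims) findings.push(`${name}: unexpected claim ${c}`);
  }
  return findings;
}

// Build a constructed sample token with a placeholder signature ("sig").
function makeToken(payload) {
  const enc = (o) => Buffer.from(JSON.stringify(o)).toString("base64")
    .replace(/\+/g, "-").replace(/\//g, "_").replace(/=+$/, "");
  return `${enc({ alg: "RS256", typ: "JWT" })}.${enc(payload)}.sig`;
}

// The split asked for in the question: custom2 only in the id_token.
const POLICY = {
  access_token: { required: ["custom1"], forbidden: ["custom2"] },
  id_token: { required: ["custom1", "custom2"], forbidden: [] },
};
const both = { sub: "1", custom1: "custom1", custom2: "custom2" };
// Before the fix: both tokens carry both claims. After: access token has custom1 only.
const leaky = `#id_token=${makeToken(both)}&access_token=${makeToken(both)}`;
const fixed = `#id_token=${makeToken(both)}&access_token=${makeToken({ sub: "1", custom1: "custom1" })}`;

console.log(auditClaims(leaky, POLICY)); // one finding for the access token
console.log(auditClaims(fixed, POLICY)); // no findings
```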