我是IdentityServer4的新手,我有一个简单的登录配置。下面是我的用户测试用户:
return new List<TestUser> {
new TestUser {
SubjectId = "5BE86359-073C-434B-AD2D-A3932222DABE", // just get this in claims list
Username = "name",
Password = "password",
Claims = new List<Claim> {
new Claim(ClaimTypes.Email, "my@email.com") // not found
}
}
};我也有一个客户:
return new List<Client>
{
new Client
{
ClientId = "MVC1",
ClientName = "This is my MVC1",
ClientSecrets = new List<Secret> {new Secret("MVC1".Sha256())}, // change me!
AllowedGrantTypes = GrantTypes.Code,
RedirectUris = new List<string> {"http://localhost:7573/signin-oidc"},
AllowedScopes = new List<string>
{
IdentityServerConstants.StandardScopes.OpenId,
IdentityServerConstants.StandardScopes.Profile,
IdentityServerConstants.StandardScopes.Email, // permission to access email claim
},
RequirePkce = true,
AllowPlainTextPkce = false
}
};这是我的客户端配置代码:
.AddOpenIdConnect("OIDC", options =>
{
options.SignInScheme = "cookie";
options.Authority = "http://localhost:5000";
options.RequireHttpsMetadata = false;
options.ClientId = "MVC1";
options.ClientSecret = "MVC1";
options.ResponseType = "code";
options.UsePkce = true;
options.ResponseMode = "query";
options.CallbackPath = "/signin-oidc";
options.Scope.Add("openid");
options.Scope.Add("profile");
options.Scope.Add("email"); // i wants to access but not found in claims list
options.SaveTokens = true;
});我想访问配置的所有声明,但只找到SubjectId,没有找到email.
请帮帮我:(
1条答案
按热度按时间ldfqzlk81#
默认情况下,您需要显式设置,并通过将其添加到AddOpenIDConnect选项中,告知您希望令牌和user-info端点中的哪些声明最终到达用户
您还应该添加一个IdentityResource定义,因为它控制进入ID-Token的内容,如
为了补充这个答案,我写了一篇博客文章,更详细地讨论了这个主题:Debugging OpenID Connect claim problems in ASP.NET Core