Fork me on GitHub

IdentityServer4 通过 AccessToken 获取 UserClaims

实现效果:通过生成的access_token获取用户的一些信息,这样客户端请求的时候,不需要传递用户信息了。

示例配置:

public void ConfigureServices(IServiceCollection services)
{
    services.AddIdentityServer()
        .AddTemporarySigningCredential()
        .AddInMemoryIdentityResources(new List<IdentityResource>
        {
            new IdentityResources.OpenId(), //必须要添加,否则报无效的scope错误
            new IdentityResources.Profile(),
        })
        .AddInMemoryApiResources(new List<ApiResource>
        {
            new ApiResource("api1", "My API")
        })
        .AddInMemoryClients(new List<Client>
        {
            new Client
            {
                ClientId = "client",
                AllowedGrantTypes = GrantTypes.ResourceOwnerPassword,

                ClientSecrets =
                {
                    new Secret("secret".Sha256())
                },
                AllowedScopes = 
                { 
                  "api1",
                  IdentityServerConstants.StandardScopes.OpenId, //必须要添加,否则报forbidden错误
                  IdentityServerConstants.StandardScopes.Profile
                }
            }
        });
}

Http 调用示例:

GET /connect/userinfo
Authorization: Bearer <access_token>


HTTP/1.1 200 OK
Content-Type: application/json

{
    "sub": "248289761001",
    "name": "Bob Smith",
    "given_name": "Bob",
    "family_name": "Smith",
    "role": [
        "user",
        "admin"
    ]
}

UserInfoClient调用示例:

var token = "";
var client = new DiscoveryClient(_appSettings.IssuerUri);
client.Policy.RequireHttps = false;
var disco = await client.GetAsync();
var userInfoClient = new UserInfoClient(doc.UserInfoEndpoint);

var response = await userInfoClient.GetAsync(token);
var claims = response.Claims;

参考资料:

posted @ 2017-09-12 19:40  田园里的蟋蟀  阅读(5402)  评论(8编辑  收藏  举报