【发布时间】:2023-04-10 01:40:01
【问题描述】:
我已经使用this 教程设置了 identityserver3 和 MVC4 客户端。当我将客户端配置为使用“隐式”流程时,事情按预期工作,我正在返回“配置文件”范围。即我可以找到声明 first_name 和 given_name。在我的配置代码下面。
客户端和用户配置
public static class Users
{
public static List<InMemoryUser> Get()
{
return new List<InMemoryUser>
{
new InMemoryUser
{
Username = "Bob",Password = "password",Subject = "1",
Claims = new []
{
new Claim(Constants.ClaimTypes.GivenName,"firstName"),
new Claim(Constants.ClaimTypes.FamilyName,"lastName")
}
}
};
}
}
public static class Clients
{
public static IEnumerable<Client> Get()
{
return new[]
{
new Client
{
ClientId = "MVC",
ClientName = "MVC Client Name",
RedirectUris = new List<string>
{
"https://localhost:44302/"
},
Flow = Flows.Implicit,
AllowAccessToAllScopes = true
}
};
}
}
身份服务器配置
public void Configuration(IAppBuilder app)
{
JwtSecurityTokenHandler.InboundClaimTypeMap = new Dictionary<string, string>();
app.Map("/identity", appBuilder => {
appBuilder.UseIdentityServer(new IdentityServer3.Core.Configuration.IdentityServerOptions
{
SiteName = "Site Name",
SigningCertificate = LoadCertificate(),
RequireSsl = false,
Factory = new IdentityServer3.Core.Configuration.IdentityServerServiceFactory()
.UseInMemoryClients(Clients.Get())
.UseInMemoryUsers(Users.Get())
.UseInMemoryScopes(StandardScopes.All)
});
});
app.UseCookieAuthentication(new Microsoft.Owin.Security.Cookies.CookieAuthenticationOptions
{
AuthenticationType = "Cookies"
});
app.UseOpenIdConnectAuthentication(new OpenIdConnectAuthenticationOptions
{
Authority = "https://localhost:44302/identity",
ClientId = "MVC",
RedirectUri = "https://localhost:44302/",
ResponseType = "id_token",
SignInAsAuthenticationType = "Cookies",
Scope = "openid profile"
});
}
在我的 MVC 应用程序中,我在名为“Contact”的 Home 控制器上设置了 Action
[Authorize]
public ActionResult Contact()
{
ClaimsPrincipal principal = User as ClaimsPrincipal;
return View(principal.Claims);
}
最后是简单的视图
@model IEnumerable<System.Security.Claims.Claim>
@foreach (var item in Model)
{
<div>
<span>@item.Type</span>
<span>@item.Value</span>
</div>
}
</div>
现在,当我运行此应用程序时,单击安全的“联系”链接后,我将被重定向到 STS 服务器,并且在提供凭据后,我可以看到以下输出。
请注意,声明 given_name 和 family_name 存在于 STS 返回的声明中。
问题:
我将客户端更改为支持混合流的那一刻。我没有收到索赔given_name和family_name
我对我的代码进行了以下更改。
客户端配置
public static IEnumerable<Client> Get()
{
return new[]
{
new Client
{
ClientId = "MVC",
ClientName = "MVC Client Name",
RedirectUris = new List<string>
{
"https://localhost:44302/"
},
Flow = Flows.Hybrid,//Changed this to Hybrid
AllowAccessToAllScopes = true
}
};
}
服务器配置
app.UseOpenIdConnectAuthentication(new OpenIdConnectAuthenticationOptions
{
Authority = "https://localhost:44302/identity",
ClientId = "MVC",
RedirectUri = "https://localhost:44302/",
ResponseType = "code id_token token", //Changed response type
SignInAsAuthenticationType = "Cookies",
Scope = "openid profile"
});
运行应用程序后,我可以看到 STS 返回的以下声明
请注意,此次声明 given_name 和 family_name 丢失了。
我错过了什么吗?
【问题讨论】:
-
我遇到了与混合流相同的问题。你是怎么解决的。
标签: asp.net-mvc-4 oauth oauth-2.0 identityserver3 openid-connect