【发布时间】:2020-08-06 21:00:19
【问题描述】:
我开发了一个 WebAPI 应用程序并使用 IdentityServer4 使用 OAuth 2.0 协议保护我的端点
我的 ApiResource 看起来像:
Name = "BankOfDotNetApi",
Scopes =
{
new Scope("BankOfDotNetApi", "API name for Customer", new List<string>{ "Claim1"}),
new Scope("BankOfDotNetApi.Read"),
new Scope("BankOfDotNetApi.Write"),
new Scope("offline_access"),
},
UserClaims =
{
JwtClaimTypes.Name,
JwtClaimTypes.Email
},
MyClient 看起来像:
Client
{
ClientId = "client",
AllowedGrantTypes = GrantTypes.ClientCredentials,
ClientSecrets = {new Secret("secret".Sha256())},
AllowedScopes = { "BankOfDotNetApi", "BankOfDotNetApi.Read" },
}
我的 API 应用 startUp.cs 看起来像:
public class Startup
{
public Startup(IConfiguration configuration)
{
Configuration = configuration;
}
public IConfiguration Configuration { get; }
// This method gets called by the runtime. Use this method to add services to the container.
public void ConfigureServices(IServiceCollection services)
{
services.AddMvc(
config =>
{
});
services.AddControllers();
services.AddDbContext<BankContext>(options => options.UseInMemoryDatabase("BankingDb"));
services.AddAuthentication("Bearer")
.AddIdentityServerAuthentication(options =>
{
options.RequireHttpsMetadata = false;
options.ApiName = "BankOfDotNetApi";
options.Authority = "http://localhost:5000";
});
}
// This method gets called by the runtime. Use this method to configure the HTTP request pipeline.
public void Configure(IApplicationBuilder app, IWebHostEnvironment env)
{
if (env.IsDevelopment())
{
app.UseDeveloperExceptionPage();
}
app.UseHttpsRedirection();
app.UseRouting();
app.UseAuthentication();
app.UseAuthorization();
app.UseEndpoints(endpoints =>
{
endpoints.MapControllers();
});
}
}
我没有手动生成令牌(通过创建 JWTToken 的实例)并且令牌是由 IdentityServer4 自动生成的
我可以访问我的访问令牌中的范围,但我无法访问声明。
如果我的代码出错,请向我建议如何以及在何处向我的 ApiResource 添加声明。
如何访问我的 AccessToken 中的声明
【问题讨论】:
-
不。您提供的链接正在使用 OpenId Connect。但我使用的是 OAuth 2.0
标签: c# asp.net-mvc asp.net-core .net-core identityserver4