c# - How can I add a calculated field to the access_token/id_token

Tags: c# asp.net-core oauth-2.0 identityserver4 openid-connect

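I am using IdentityServer4 and I want to add a calculated field to the access_token/id_token.

An example of such a field could be the user's IP (or a token binding hash) to which the token will be attached.

Q: How can I do this?

Thanks in advance, and sorry for my bad English.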

Best answer

You can add a claim containing the calculated field by creating a method in your UserManager implementation.

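using System.Collections.Generic;
using System.Security.Claims;
using IdentityModel;

public class UserManager : IUserManager
{
    // ...other code here removed for simplicity

    // Builds the claims for a user, including the calculated one.
    // Returns the list synchronously despite the "Async" suffix, so callers use it without await.
    public List<Claim> GetClaimsAsync(Models.User user)
    {
        var claims = new List<Claim>();

        claims.Add(new Claim(JwtClaimTypes.PreferredUserName, user.USER_ID.ToString().Trim()));

        // This next line is pseudo coded and would need to be coded.
        claims.Add(new Claim("MyCalculatedIP", MyFunctionToGetUserIP().ToString().Trim()));

        return claims;
    }

    // ...other code here removed for simplicity
}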

Call it from a class that implements IProfileService. I named mine ProfileService.

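using System;
using System.Linq;
using System.Security.Claims;
using System.Threading.Tasks;
using IdentityServer4.Extensions;
using IdentityServer4.Models;
using IdentityServer4.Services;
using IdentityServer4.Validation;
using Microsoft.Extensions.Logging;

/// <summary>
/// Implement the interface called "IProfileService", which is used for authorization.
/// </summary>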
public class ProfileService : IProfileService
{
    IUserManager _myUserManager;
    private readonly ILogger<ProfileService> _logger;


    public ProfileService(ILogger<ProfileService> logger, IUserManager userManager)
    {
        _logger = logger;
        _myUserManager = userManager;
    }

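    // This signature belongs to IResourceOwnerPasswordValidator, not IProfileService;
    // IdentityServer only calls it on a class registered as that validator.
    public async Task ValidateAsync(ResourceOwnerPasswordValidationContext context)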
    {            
        var user = await _myUserManager.Find(context.UserName, context.Password);

        if (user != null)
        {
            context.Result = new GrantValidationResult(
                             subject: user.USER_ID,
                             authenticationMethod: "custom",
                             claims: _myUserManager.GetClaimsAsync(user)); // synchronous call, no await
        }
        else
        {                 
            context.Result = new GrantValidationResult(
                             TokenRequestErrors.InvalidRequest, 
                    errorDescription: "UserName or Password Incorrect.");
        }             
    }

    public async Task GetProfileDataAsync(ProfileDataRequestContext context)
    {
        _logger.LogDebug("Get profile called for {subject} from {client} with {claimTypes} because {caller}",
            context.Subject.GetSubjectId(),
            context.Client.ClientName,
            context.RequestedClaimTypes,
            context.Caller);

        var sub = context.Subject.FindFirst("sub")?.Value;
        if (sub != null)
        {
            var user = await _myUserManager.FindByNameAsync(sub);
            var cp = getClaims(user);

            var claims = cp.Claims;                

            context.IssuedClaims = claims.ToList();
        }
    }

    private ClaimsPrincipal getClaims(User user)
    {
        if (user == null)
        {
            throw new ArgumentNullException(nameof(user));
        }

        var id = new ClaimsIdentity();

        id.AddClaims(_myUserManager.GetClaimsAsync(user));

        return new ClaimsPrincipal(id);
    }

    /// <summary>
    /// Called by IdentityServer Middleware.
    /// </summary>
    /// <param name="context"></param>
    /// <returns></returns>
    public async Task IsActiveAsync(IsActiveContext context)
    {
        var sub = context.Subject.GetSubjectId();
        var user = await _myUserManager.FindByNameAsync(sub);
        context.IsActive = user != null;
        return;
    }
}

Add the ProfileService object for dependency injection in the Startup class.

public void ConfigureServices(IServiceCollection services)
{
     // ...other code here removed for simplicity

     // Register the custom profile service so IdentityServer resolves it.
     services.AddTransient<IProfileService, ProfileService>();

     // ...other code here removed for simplicity
}

Helpful resource: article

Regarding c# - How can I add a calculated field to the access_token/id_token, we found a similar question on Stack Overflow: https://stackoverflow.com/questions/49082647/
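
One way to fill in the `MyFunctionToGetUserIP()` placeholder from the answer and to check the resulting claim when the token is presented to an API, as an added example that is not part of the original answer or of IdentityServer4. The class `ClientIpClaimBinder` and its method names are hypothetical, and the code assumes ASP.NET Core with `IHttpContextAccessor` registered.

```csharp
using System;
using System.Net;
using System.Security.Claims;
using Microsoft.AspNetCore.Http;

// Hypothetical helper (not an IdentityServer4 type): computes the IP claim when
// the token is issued and re-checks it when the token is presented to an API.
public class ClientIpClaimBinder
{
    public const string ClaimType = "MyCalculatedIP"; // claim name used in the answer

    private readonly IHttpContextAccessor _accessor;

    public ClientIpClaimBinder(IHttpContextAccessor accessor)
    {
        _accessor = accessor ?? throw new ArgumentNullException(nameof(accessor));
    }

    // Address of the current connection, normalised so that an IPv4 client seen
    // over a dual-stack socket (::ffff:203.0.113.7) compares equal to 203.0.113.7.
    public IPAddress GetCallerIp()
    {
        var ip = _accessor.HttpContext?.Connection.RemoteIpAddress;
        if (ip == null) return null;
        return ip.IsIPv4MappedToIPv6 ? ip.MapToIPv4() : ip;
    }

    // Issuing side: returns the claim to add, or null when no address is known.
    public Claim CreateClaim()
    {
        var ip = GetCallerIp();
        return ip == null ? null : new Claim(ClaimType, ip.ToString());
    }

    // API side: true only if the token carries the claim and it matches the caller.
    // A missing or unparsable claim fails closed.
    public bool IsBoundToCaller(ClaimsPrincipal principal)
    {
        var value = principal?.FindFirst(ClaimType)?.Value;
        var caller = GetCallerIp();
        if (value == null || caller == null) return false;
        if (!IPAddress.TryParse(value, out var claimed)) return false;
        if (claimed.IsIPv4MappedToIPv6) claimed = claimed.MapToIPv4();
        return claimed.Equals(caller);
    }
}
```

Behind a reverse proxy or load balancer, `RemoteIpAddress` is the proxy's address unless the Forwarded Headers middleware is configured, so the claim would bind every token to the same value. Clients whose address changes between requests (mobile networks, VPN reconnects) will fail the check and need to obtain a new token.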