IdentityServer4 通过 AccessToken 获取 UserClaims

时间:2023-02-03 17:03:03

实现效果:通过生成的access_token获取用户的一些信息,这样客户端请求的时候,不需要传递用户信息了。

示例配置:

public void ConfigureServices(IServiceCollection services)
{
services.AddIdentityServer()
.AddTemporarySigningCredential()
.AddInMemoryIdentityResources(new List<IdentityResource>
{
new IdentityResources.OpenId(), //必须要添加,否则报无效的scope错误
new IdentityResources.Profile(),
})
.AddInMemoryApiResources(new List<ApiResource>
{
new ApiResource("api1", "My API")
})
.AddInMemoryClients(new List<Client>
{
new Client
{
ClientId = "client",
AllowedGrantTypes = GrantTypes.ResourceOwnerPassword, ClientSecrets =
{
new Secret("secret".Sha256())
},
AllowedScopes =
{
"api1",
IdentityServerConstants.StandardScopes.OpenId, //必须要添加,否则报forbidden错误
IdentityServerConstants.StandardScopes.Profile
}
}
});
}

Http 调用示例:

GET /connect/userinfo
Authorization: Bearer <access_token> HTTP/1.1 200 OK
Content-Type: application/json {
"sub": "248289761001",
"name": "Bob Smith",
"given_name": "Bob",
"family_name": "Smith",
"role": [
"user",
"admin"
]
}

UserInfoClient调用示例:

var token = "";
var client = new DiscoveryClient(_appSettings.IssuerUri);
client.Policy.RequireHttps = false;
var disco = await client.GetAsync();
var userInfoClient = new UserInfoClient(doc.UserInfoEndpoint); var response = await userInfoClient.GetAsync(token);
var claims = response.Claims;

参考资料: