其他分享
首页 > 其他分享> > IdentityServer4之Claim(自定义身份资源)

IdentityServer4之Claim(自定义身份资源)

作者:互联网

IdentityServer4之Claim(自定义身份资源)

接前面讲到角色的权限控制,地址:

https://mp.weixin.qq.com/s?__biz=MzkxNDMyNDY5Ng==&mid=2247484460&idx=1&sn=307e8e135315f34ad2296bd03dcb2ded&chksm=c171699bf606e08d4ddb865dda53de674ddd8424e5ac131ca67545152b189eb9b2f0463a3572&token=1436306399&lang=zh_CN#rd

这里讲讲自定义身份资源。

 

身份资源也是数据,如用户ID,姓名或用户的电子邮件地址。 身份资源具有唯一的名称,您可以为其分配任意身份信息单元(比如姓名、性别、身份证号和有效期等都是身份证的身份信息单元)类型。

定义用户 :

public static List<TestUser> GetUsers()

        {

            return new List<TestUser>

            {

                new TestUser

                {

                    SubjectId = "1",

                    Username = "alice",

                    Password = "password",

                    Claims = new List<Claim>(){new Claim(JwtClaimTypes.Role,"superadmin") }

                },

                new TestUser

                {

                    SubjectId = "2",

                    Username = "bob",

                    Password = "password",

                    Claims = new List<Claim>(){new Claim(JwtClaimTypes.Role,"superadmin") }

                },

                new TestUser

                {

                    SubjectId = "3",

                    Username = "yak",

                    Password = "yakpassword",

                    Claims = new List<Claim>(){new Claim(JwtClaimTypes.Role, "admin"),new Claim("性别","男"),new Claim(JwtClaimTypes.Address, "上海") }

 

                }

            };

        }

 

 

自定义身份资源:

public static IEnumerable<IdentityResource> GetIdentityResources()

        {

            var customProfile = new IdentityResource(

                name: "custom.profile",

                displayName: "Custom profile",

                userClaims: new[] { "role", "address", "性别" });

            return new IdentityResource[]

            {

                new IdentityResources.OpenId(),//未添加导致scope错误

                new IdentityResources.Profile(),

                customProfile

            };

        }

配置Scope
通过上面的代码,我们自定义了一个名为“customProfile“的身份资源,他包含了"role" ,”性别”,“address”,Claim(可以包含多个Claim),然后我们还需要配置Scope,我们才能访问到:

 

public static IEnumerable<Client> GetClients()

        {

            return new List<Client>

            {

                new Client

                {

                    ClientId = "yakclient",

                    AllowedGrantTypes = GrantTypes.ResourceOwnerPassword,

 

                    ClientSecrets =

                    {

                        new Secret("yaksecret".Sha256())

                    },

                    AllowedScopes = { "api1", IdentityServerConstants.StandardScopes.OpenId, IdentityServerConstants.StandardScopes.Profile, "custom.profile" }//需要额外添加

                }

            };

        }                }

这些身份信息单元将被包含在用户的身份标识(Id Token)中。 客户端将使用scope参数来请求访问身份资源。

使用Postman访问IDS4服务获取Access_Token

地址:http://localhost:5000/connect/token

参数:

grant_type:password

client_id:yakclient

client_secret:yaksecret

username:yak

password:yakpassword

 

 

 

使用Postman访问IDS4服务获取用户的身份资源

地址:http://localhost:5000/connect/userinfo

参数:

Authorization:Bearer eyJhbGciOiJSUzI1NiIsImtpZCI6IjYxQTgyRkRDMjMzMDdBODgyRjlENkE2RUQ5MDQwMkY2IiwidHlwIjoiYXQrand0In0.eyJuYmYiOjE2NDY2Mzk1MjksImV4cCI6MTY0NjY0MzEyOSwiaXNzIjoiaHR0cDovL2xvY2FsaG9zdDo1MDAwIiwiY2xpZW50X2lkIjoieWFrY2xpZW50Iiwic3ViIjoiMyIsImF1dGhfdGltZSI6MTY0NjYzOTUyOSwiaWRwIjoibG9jYWwiLCJyb2xlIjoiYWRtaW4iLCJqdGkiOiIyQUNBQzU3QjdCQjU1MUFBMjQwQTlGQ0REOTM1NDNFMiIsImlhdCI6MTY0NjYzOTUyOSwic2NvcGUiOlsiYXBpMSIsImN1c3RvbS5wcm9maWxlIiwib3BlbmlkIiwicHJvZmlsZSJdLCJhbXIiOlsicHdkIl19.iE_0AlzUkTRtIUsbHl12gDtU1nV4UEUdWQBRpaddK1ikg2qgHcygf7NFFzztCME0XqZuwNVzGJ_v4D2mx0hsJjNEpDPSnDczxGqt8_ZI1fy5ZoaClY7ejMV7hdB_6Fs6CtOykiEUg0c7ayHtw7X_LEkdrt8LL5s8CdScI0B5hf6XkaonVw1aFKwSU6K8xdkflf3zjbu2Or6YOYlaNFMcBveZctNQzrCjzWcUqKV_Uv9_kORPdaJGxF1VgSAW26gJWEfBTcu8sPx9_C7RpNrWgIjIf6-uNiDNIslZxW8F3cZsOgXw4-xwKXDEbzBMJc7VnS9mI1egLMOwaMfLEFqLeA

 

 

 

 

服务端打印:

 

 

 

 

 

鸣谢:

https://gitee.com/github_mirrors/identityserver4_doc.zh-cn

https://www.cnblogs.com/stulzq/p/8726002.html

 

标签:Claim,自定义,List,IdentityServer4,new,资源,身份
来源: https://www.cnblogs.com/yakniu/p/16182088.html