IdentityServer4 Claims (Custom Identity Resources)
Author: Internet
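This follows on from the earlier post on role-based permission control, at:
This post covers custom identity resources.
Identity resources are also data, such as a user ID, a name or the user's email address. An identity resource has a unique name, and you can assign arbitrary claim types to it (for example, name, gender, ID number and expiry date are all claims on an ID card).
Define the users: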
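// Usings needed by the configuration snippets on this page.
using System.Collections.Generic;
using System.Security.Claims;
using IdentityModel;
using IdentityServer4;
using IdentityServer4.Models;
using IdentityServer4.Test;

// In-memory test users (IdentityServer4.Test); passwords are held in plain text, so development only.
public static List<TestUser> GetUsers()
{
    return new List<TestUser>
    {
        new TestUser
        {
            SubjectId = "1",
            Username = "alice",
            Password = "password",
            Claims = new List<Claim> { new Claim(JwtClaimTypes.Role, "superadmin") }
        },
        new TestUser
        {
            SubjectId = "2",
            Username = "bob",
            Password = "password",
            Claims = new List<Claim> { new Claim(JwtClaimTypes.Role, "superadmin") }
        },
        new TestUser
        {
            SubjectId = "3",
            Username = "yak",
            Password = "yakpassword",
            Claims = new List<Claim>
            {
                new Claim(JwtClaimTypes.Role, "admin"),
                new Claim("性别", "男"),
                new Claim(JwtClaimTypes.Address, "上海")
            }
        }
    };
}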
Define the custom identity resource:
public static IEnumerable<IdentityResource> GetIdentityResources()
{
    // Maps the scope name "custom.profile" to the claim types it releases.
    var customProfile = new IdentityResource(
        name: "custom.profile",
        displayName: "Custom profile",
        userClaims: new[] { "role", "address", "性别" });
    return new IdentityResource[]
    {
        new IdentityResources.OpenId(), // omitting this causes a scope error
        new IdentityResources.Profile(),
        customProfile
    };
}
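Configure the scope
The code above defines a custom identity resource, customProfile (registered under the name "custom.profile"), which contains the claims "role", "性别" (gender) and "address" (an identity resource can contain several claims). The scope still has to be configured on the client before these claims can be accessed: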
public static IEnumerable<Client> GetClients()
{
    return new List<Client>
    {
        new Client
        {
            ClientId = "yakclient",
            AllowedGrantTypes = GrantTypes.ResourceOwnerPassword,
            ClientSecrets =
            {
                new Secret("yaksecret".Sha256())
            },
            AllowedScopes =
            {
                "api1",
                IdentityServerConstants.StandardScopes.OpenId,
                IdentityServerConstants.StandardScopes.Profile,
                "custom.profile" // must be added explicitly
            }
        }
    };
}
These claims will be included in the user's identity token (Id Token). The client uses the scope parameter to request access to identity resources.
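The scope-to-claim mapping described above decides which of a user's claims a client can read. The following is an added example, not code from the original post or from IdentityServer4 itself: a simplified model of that filter, run over the resources and the "yak" user defined on this page. The class name, the helper name and the scope sets are assumptions made for illustration.

```csharp
using System;
using System.Collections.Generic;
using System.Linq;
using System.Security.Claims;
using IdentityServer4.Models;
// Simplified model of the scope -> claim filter (hypothetical helper names).
public static class ScopeClaimDemo
{
    // Only claim types listed by an identity resource whose Name is among
    // the granted scopes are released to the client.
    public static List<Claim> ReleasedClaims(IEnumerable<Claim> userClaims,
        IEnumerable<IdentityResource> resources, IEnumerable<string> grantedScopes)
    {
        var granted = new HashSet<string>(grantedScopes);
        var allowedTypes = new HashSet<string>(resources
            .Where(r => granted.Contains(r.Name))
            .SelectMany(r => r.UserClaims));
        return userClaims.Where(c => allowedTypes.Contains(c.Type)).ToList();
    }
    public static void Main()
    {
        // Same identity resources as GetIdentityResources() on this page.
        var resources = new IdentityResource[]
        {
            new IdentityResources.OpenId(),
            new IdentityResources.Profile(),
            new IdentityResource("custom.profile", "Custom profile",
                new[] { "role", "address", "性别" })
        };
        // Claims of user "yak" from GetUsers(), plus the subject id as "sub".
        var yak = new List<Claim>
        {
            new Claim("sub", "3"), new Claim("role", "admin"),
            new Claim("性别", "男"), new Claim("address", "上海")
        };
        // Constructed scope sets; "api1" is an API scope, not an identity resource.
        var requests = new[]
        {
            new[] { "openid" },
            new[] { "openid", "profile" },
            new[] { "api1", "custom.profile", "openid", "profile" }
        };
        foreach (var scopes in requests)
        {
            var released = ReleasedClaims(yak, resources, scopes).Select(c => $"{c.Type}={c.Value}");
            Console.WriteLine($"{string.Join(" ", scopes)} -> {string.Join(", ", released)}");
        }
    }
}
```

With only openid (or openid and profile) granted, the filter releases sub alone; role, 性别 and address pass only once custom.profile is among the granted scopes. The token request on this page sends no scope parameter, and the access token shown carries all four of the client's allowed scopes, custom.profile included.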
Use Postman to call the IDS4 service and obtain an access token
Address: http://localhost:5000/connect/token
Parameters:
grant_type:password
client_id:yakclient
client_secret:yaksecret
username:yak
password:yakpassword
Use Postman to call the IDS4 service and retrieve the user's identity resources
Address: http://localhost:5000/connect/userinfo
Parameters:
Authorization:Bearer eyJhbGciOiJSUzI1NiIsImtpZCI6IjYxQTgyRkRDMjMzMDdBODgyRjlENkE2RUQ5MDQwMkY2IiwidHlwIjoiYXQrand0In0.eyJuYmYiOjE2NDY2Mzk1MjksImV4cCI6MTY0NjY0MzEyOSwiaXNzIjoiaHR0cDovL2xvY2FsaG9zdDo1MDAwIiwiY2xpZW50X2lkIjoieWFrY2xpZW50Iiwic3ViIjoiMyIsImF1dGhfdGltZSI6MTY0NjYzOTUyOSwiaWRwIjoibG9jYWwiLCJyb2xlIjoiYWRtaW4iLCJqdGkiOiIyQUNBQzU3QjdCQjU1MUFBMjQwQTlGQ0REOTM1NDNFMiIsImlhdCI6MTY0NjYzOTUyOSwic2NvcGUiOlsiYXBpMSIsImN1c3RvbS5wcm9maWxlIiwib3BlbmlkIiwicHJvZmlsZSJdLCJhbXIiOlsicHdkIl19.iE_0AlzUkTRtIUsbHl12gDtU1nV4UEUdWQBRpaddK1ikg2qgHcygf7NFFzztCME0XqZuwNVzGJ_v4D2mx0hsJjNEpDPSnDczxGqt8_ZI1fy5ZoaClY7ejMV7hdB_6Fs6CtOykiEUg0c7ayHtw7X_LEkdrt8LL5s8CdScI0B5hf6XkaonVw1aFKwSU6K8xdkflf3zjbu2Or6YOYlaNFMcBveZctNQzrCjzWcUqKV_Uv9_kORPdaJGxF1VgSAW26gJWEfBTcu8sPx9_C7RpNrWgIjIf6-uNiDNIslZxW8F3cZsOgXw4-xwKXDEbzBMJc7VnS9mI1egLMOwaMfLEFqLeA
Server-side output:
Acknowledgements:
https://gitee.com/github_mirrors/identityserver4_doc.zh-cn
https://www.cnblogs.com/stulzq/p/8726002.html
Source: https://www.cnblogs.com/yakniu/p/16182088.html