
我正在使用我的身份服务器设置客户端凭据流,以从客户端获取访问令牌。我可以使用以下代码获取访问令牌,

  • 身份服务器配置:

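     /// <summary>
     /// OWIN startup: hosts IdentityServer under the /identity path with in-memory clients,
     /// scopes and users, signing tokens with the certificate returned by <c>LoadCertificate()</c>.
     /// </summary>
     /// <param name="app">The OWIN application builder supplied by the host.</param>
     public void Configuration(IAppBuilder app)
    {
        app.Map("/identity", idsrvApp =>
        {
            // A DefaultCorsPolicyService { AllowAll = true } used to be constructed here but was
            // never registered with the factory, so it had no effect and has been removed. If
            // browser-based callers on other origins must reach the token endpoint, register an
            // ICorsPolicyService limited to those origins via idServerServiceFactory.CorsPolicyService
            // instead of allowing every origin.
            var idServerServiceFactory = new IdentityServerServiceFactory()
                .UseInMemoryClients(Clients.Get())
                .UseInMemoryScopes(Scopes.Get())
                .UseInMemoryUsers(Users.Get());

            var options = new IdentityServerOptions
            {
                Factory = idServerServiceFactory,
                SiteName = "Demo",
                // IssuerUri becomes the token issuer; PublicOrigin is the externally visible
                // origin (relevant when the server sits behind a reverse proxy).
                IssuerUri = IdentityConstants.IssuerUri,
                PublicOrigin = IdentityConstants.STSOrigin,
                // Tokens are signed with this certificate's private key; it must not live in source control.
                SigningCertificate = LoadCertificate()
            };

            idsrvApp.UseIdentityServer(options);
        });
    }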
    
  • 身份服务器 - 客户端配置:

    /// <summary>
    /// In-memory client registrations handed to <c>UseInMemoryClients</c>.
    /// </summary>
    public static class Clients
    {
        /// <summary>
        /// Returns the single machine-to-machine client used by the SDK.
        /// </summary>
        /// <returns>The configured <see cref="Client"/> instances.</returns>
        public static IEnumerable<Client> Get()
        {
            // Client-credentials flow: the client authenticates with its own secret; no user is
            // involved, so per-client claims for this flow would go on Client.Claims rather than a
            // user store.
            var clientSdk = new Client
            {
                ClientId = "ClientSDK",
                ClientName = "Client SDK (Client Credentials)",
                Flow = Flows.ClientCredentials,
                // NOTE(review): this grants every configured scope; narrowing to AllowedScopes is
                // the least-privilege option for production.
                AllowAccessToAllScopes = true,
                ClientSecrets = new List<Secret>
                {
                    // Only the SHA-256 hash is kept server-side. The plaintext currently comes
                    // from a compiled-in constant; loading it from configuration or a secret store
                    // avoids shipping it in the assembly.
                    new Secret(IdentityConstants.ClientSecret.Sha256())
                }
            };

            return new[] { clientSdk };
        }
    }

  • MVC 客户端:

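      // Client-credentials request: the client authenticates with its own secret; no user is involved.
      var oAuth2Client = new TokenClient(
          IdentityConstants.STSTokenEndpoint,
          "ClientSDK",
          IdentityConstants.ClientSecret);

      // NOTE(review): blocking on .Result can deadlock under a synchronization context (classic
      // ASP.NET MVC) and wraps failures in AggregateException; the enclosing action should be made
      // async and await this call instead.
      var tokenResponse = oAuth2Client.RequestClientCredentialsAsync("MyScope").Result;

      // A rejected token request sets IsError and leaves AccessToken null; fail loudly rather
      // than handing a null token to the caller.
      if (tokenResponse.IsError)
      {
          throw new System.InvalidOperationException("Token request failed: " + tokenResponse.Error);
      }

      return tokenResponse.AccessToken;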
    

我能够获得访问令牌(即 JWT)。请告诉我在创建 JWT 时,如何把数据库中的一个唯一键(例如 UserId)作为声明加入令牌。





您应该实现自定义用户存储,用于验证用户并从数据库添加声明。按如下方式修改启动代码;其中 UserRepository 类负责与数据库通信,以验证用户并从数据库获取声明:

// NOTE(review): IdentityServerServiceFactory / UseInMemoryClients / UseInMemoryScopes are
// IdentityServer3 APIs, while AddCustomUserStore below extends IIdentityServerBuilder
// (IdentityServer4). Mixing the two will not compile; on IdentityServer4 the chain hangs off
// services.AddIdentityServer() instead — confirm which version the project targets.
var idServerServiceFactory = new IdentityServerServiceFactory()
   .UseInMemoryClients(Clients.Get())
   .UseInMemoryScopes(Scopes.Get())
   .AddCustomUserStore();

添加以下类并根据您的要求进行更改:

/// <summary>
/// Registers the database-backed user store with IdentityServer.
/// </summary>
public static class CustomIdentityServerBuilderExtensions
{
    /// <summary>
    /// Adds a profile service that issues claims from the user record and a resource-owner
    /// password validator that checks credentials. The validator only participates in the
    /// password grant; client-credentials requests involve no user and never reach it.
    /// </summary>
    /// <param name="builder">The IdentityServer builder being configured.</param>
    /// <returns>The same builder, for further chaining.</returns>
    public static IIdentityServerBuilder AddCustomUserStore(this IIdentityServerBuilder builder)
    {
        return builder
            .AddProfileService<UserProfileService>()
            .AddResourceOwnerValidator<UserResourceOwnerPasswordValidator>();
    }
}

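/// <summary>
/// Supplies user claims from the database when IdentityServer builds tokens or userinfo
/// responses for a user subject.
/// </summary>
public class UserProfileService : IProfileService
{
    /// <summary>
    /// Looks up the subject in the user store and adds its claims to the token being issued.
    /// </summary>
    /// <param name="context">Carries the subject and the list of claims to issue.</param>
    public Task GetProfileDataAsync(ProfileDataRequestContext context)
    {
        // The subject id is whatever the grant validator issued (see GrantValidationResult in
        // UserResourceOwnerPasswordValidator). For client-credentials tokens there is no user
        // subject, so no user id can be added there — confirm against the IdentityServer version in use.
        var subjectId = context.Subject == null ? null : context.Subject.GetSubjectId();

        // TryParse instead of Parse: a non-numeric subject must not turn into an unhandled exception
        // in the token pipeline.
        int userId;
        if (!int.TryParse(subjectId, out userId))
        {
            return Task.CompletedTask;
        }

        var userRepository = new UserRepository();
        var user = userRepository.GetUserById(userId);
        if (user == null)
        {
            return Task.CompletedTask;
        }

        var claims = new List<Claim>
        {
            // Claim values are strings; UserId is treated as numeric elsewhere in this store.
            new Claim("UserId", user.UserId.ToString())
            // Add further claims from the user record here.
        };
        context.IssuedClaims.AddRange(claims);
        return Task.CompletedTask;
    }

    /// <summary>
    /// Re-checks that the subject still exists in the user store. Leaving IsActive at its default
    /// (true) would keep deleted users active until their tokens expire.
    /// </summary>
    /// <param name="context">Carries the subject; IsActive is set on it.</param>
    public Task IsActiveAsync(IsActiveContext context)
    {
        var subjectId = context.Subject == null ? null : context.Subject.GetSubjectId();

        int userId;
        if (!int.TryParse(subjectId, out userId))
        {
            context.IsActive = false;
            return Task.CompletedTask;
        }

        var user = new UserRepository().GetUserById(userId);
        // TODO(review): also honour an enabled/locked flag on the user record if the store has one.
        context.IsActive = user != null;
        return Task.CompletedTask;
    }
}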

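/// <summary>
/// Validates username/password credentials for the resource-owner password grant against the
/// user store. Not involved in the client-credentials flow, which carries no user.
/// </summary>
public class UserResourceOwnerPasswordValidator : IResourceOwnerPasswordValidator
{
    /// <summary>
    /// Checks the supplied credentials and sets a success result (with the user id as subject)
    /// or an invalid_grant error.
    /// </summary>
    /// <param name="context">Carries UserName and Password; Result is set on it.</param>
    public Task ValidateAsync(ResourceOwnerPasswordValidationContext context)
    {
        var userRepository = new UserRepository();
        // NOTE(review): the repository is expected to compare the password against a stored hash
        // (never plaintext) and return null on failure — confirm in UserRepository. The method
        // name GetUserById does not match a credential check; a clearer name would help.
        var userLoginStatus = userRepository.GetUserById(context.UserName, context.Password);

        if (userLoginStatus == null)
        {
            // invalid_grant is the OAuth 2.0 error for bad resource-owner credentials;
            // invalid_client is reserved for failed *client* authentication. The generic
            // description deliberately does not reveal whether the user exists.
            context.Result = new GrantValidationResult(TokenRequestErrors.InvalidGrant,
                "Wrong Credentials");
            return Task.CompletedTask;
        }

        // The subject id issued here is what UserProfileService parses back to an int.
        context.Result = new GrantValidationResult(
            userLoginStatus.UserId.ToString(),
            OidcConstants.AuthenticationMethods.Password);
        return Task.CompletedTask;
    }
}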
于 2020-06-02T08:20:02.213 回答

首先,您需要在 Azure 门户上创建自定义属性“userId”,并将其应用于选定的应用程序。然后按照这个示例,使用 Graph API 更新用户。

如果您使用的是内置用户流,则需要为您的应用程序选择“userId”。如果您使用的是自定义策略,请遵循以下流程。JWT 令牌仅显示 Azure AD B2C 自定义策略的输出声明。创建和更新自定义策略是一个多步骤过程。这里有一个链接,可进一步了解如何创建自定义属性。

于 2020-06-01T16:21:30.567 回答