IdentityServer4 通過 AccessToken 獲取 UserClaims - xishuai－IT工程師數位筆記本

文章出處

實現效果：通過生成的access_token獲取用戶的一些信息，這樣客戶端請求的時候，不需要傳遞用戶信息了。

示例配置：

public void ConfigureServices(IServiceCollection services)
{
    services.AddIdentityServer()
        .AddTemporarySigningCredential()
        .AddInMemoryIdentityResources(new List<IdentityResource>
        {
            new IdentityResources.OpenId(), //必須要添加，否則報無效的scope錯誤
            new IdentityResources.Profile(),
        })
        .AddInMemoryApiResources(new List<ApiResource>
        {
            new ApiResource("api1", "My API")
        })
        .AddInMemoryClients(new List<Client>
        {
            new Client
            {
                ClientId = "client",
                AllowedGrantTypes = GrantTypes.ResourceOwnerPassword,

                ClientSecrets =
                {
                    new Secret("secret".Sha256())
                },
                AllowedScopes = 
                { 
                  "api1",
                  IdentityServerConstants.StandardScopes.OpenId, //必須要添加，否則報forbidden錯誤
                  IdentityServerConstants.StandardScopes.Profile
                }
            }
        });
}

Http 調用示例：

GET /connect/userinfo
Authorization: Bearer <access_token>


HTTP/1.1 200 OK
Content-Type: application/json

{
    "sub": "248289761001",
    "name": "Bob Smith",
    "given_name": "Bob",
    "family_name": "Smith",
    "role": [
        "user",
        "admin"
    ]
}

UserInfoClient調用示例：

var token = "";
var client = new DiscoveryClient(_appSettings.IssuerUri);
client.Policy.RequireHttps = false;
var disco = await client.GetAsync();
var userInfoClient = new UserInfoClient(doc.UserInfoEndpoint);

var response = await userInfoClient.GetAsync(token);
var claims = response.Claims;