我正在尝试在 jwt 令牌中设置自定义声明,我从 https://localhost:9443/oauth2/token 获取它,例如用户名、id 等,然后将其传递给我的服务。 当我解码令牌时,我找不到用户名,但范围存在
这是我的要求:
curl --location 'https://localhost:9443/oauth2/token' \
--header 'Authorization: Basic Y19uYVlMWTVQTF9rYndvNmsyeVZzYWc1cWcwYToyU1RUMWlrQ2VwNUc5UHZZcExXRmtlOGs3SDRh' \
--header 'Content-Type: application/json' \
--data '{
"username":"asdasd",
"grant_type":"client_credentials",
"scope":"test1"
}'
我明白了:
{
"sub": "admin",
"aut": "APPLICATION",
"aud": "c_naYLY5PL_kbwo6k2yVsag5qg0a",
"nbf": 1707997026,
"azp": "c_naYLY5PL_kbwo6k2yVsag5qg0a",
"scope": "default",
"iss": "https://localhost:9443/oauth2/token",
"exp": 1708000626,
"iat": 1707997026,
"jti": "39282b4d-03a6-4e1d-a7f5-2c4bf8fb46a6",
"client_id": "c_naYLY5PL_kbwo6k2yVsag5qg0a"
}
但我预料到了这个:
{
"username:"asdasd",
"sub": "admin",
"aut": "APPLICATION",
"aud": "c_naYLY5PL_kbwo6k2yVsag5qg0a",
"nbf": 1707997026,
"azp": "c_naYLY5PL_kbwo6k2yVsag5qg0a",
"scope": "default",
"iss": "https://localhost:9443/oauth2/token",
"exp": 1708000626,
"iat": 1707997026,
"jti": "39282b4d-03a6-4e1d-a7f5-2c4bf8fb46a6",
"client_id": "c_naYLY5PL_kbwo6k2yVsag5qg0a"
}
即使我想要得到的结果无法使用这种方法来完成,我也想知道,并且我想知道你对此有何看法。
这已经在这里得到解答 - https://stackoverflow.com/a/63932466/3176125
在这里引用答案..
获取身份验证 JWT 中包含的角色声明的最简单方法是在服务提供商级别添加声明映射并请求具有 openid 范围的令牌。要执行此操作,请尝试以下步骤。
登录管理控制台
https://<host>:<port>/carbon
在左侧菜单中列出服务提供商
去编辑需要的服务商(开发者门户中的每个应用都有一个地图服务商)
将声明映射添加到
role
声明,如下所示
使用
scope=openid
参数发送令牌请求
curl -k -X POST https://localhost:8243/token -d "grant_type=password&username=<Username>&password=<Password>&scope=openid" -H "Authorization: Basic <Credentials>"
响应访问令牌将包含此格式的角色
{
"sub": "[email protected]",
"iss": "https://localhost:9443/oauth2/token",
"groups": [
"Internal/subscriber",
"Internal/creator",
"Application/apim_devportal",
"Application/admin_NewApp_PRODUCTION",
"Internal/publisher",
"Internal/everyone",
"Internal/analytics",
],
...
}
您也可以在这里阅读更多相关内容 - https://jabhax.medium.com/add-claims-to-jwt-for-wso2-apim-using-inbuilt-gateway-jwtgenerator-393b0bf873b3