我想使用 openiddict 创建一个包含 role=root 的 jwt 令牌。
{
"aud": "audience_01",
"client_id": "client_01",
"role": "root",
"scope": "scope_01"
}
这是我当前取回的 jwt 令牌的有效负载。它不包含预期的角色=root:
{
"sub": "client_01",
"oi_prst": "client_01",
"client_id": "client_01",
"oi_tkn_id": "2179f976-89f3-49ba-bb86-cefa0523a627",
"aud": "audience_01",
"scope": "scope_01",
"jti": "fa97eaf2-4716-45fa-9f03-aab977873386",
"exp": 1701893995,
"iss": "https://localhost:22401/",
"iat": 1701807595
}
我正在使用以下代码:
[HttpPost("~/connect/token")]
public async ValueTask<IActionResult> Exchange()
{
//retrieve OIDC request from original request
var request = HttpContext.GetOpenIddictServerRequest() ??
throw new InvalidOperationException("The OpenID Connect request cannot be retrieved.");
if (request.IsClientCredentialsGrantType())
{
var clientId = request.ClientId;
var identity = new ClaimsIdentity(authenticationType: TokenValidationParameters.DefaultAuthenticationType,
nameType: Claims.Name,
roleType: Claims.Role
);
identity.AddClaim(Claims.Subject, clientId);
identity.AddClaim(Claims.Name, "claims_name");
identity.AddClaim(Claims.Role, "root");
identity.SetScopes(request.GetScopes());
identity.SetResources(await _scopeManager.ListResourcesAsync(identity.GetScopes()).ToListAsync());
var principal = new ClaimsPrincipal(identity);
// Returning a SignInResult will ask OpenIddict to issue the appropriate access/identity tokens.
return SignIn(principal, OpenIddictServerAspNetCoreDefaults.AuthenticationScheme);
}
throw new NotImplementedException("The specified grant type is not implemented.");
}
您的声明没有附加
destination
,因此 OpenIddict 不会将它们复制到它将根据您的 ClaimsPrincipal
生成的访问令牌。
请参阅 https://documentation.openiddict.com/guides/getting-started.html 了解如何调用
SetDestinations()
的示例。