填充的用户中没有访问令牌(要求原则)

本文介绍了填充的用户中没有访问令牌(要求原则)的处理方法，对大家解决问题具有一定的参考价值，需要的朋友们下面随着小编来一起学习吧！

问题描述

我们正在为IdentityServer使用IdentityServer4，为客户端(ASP.NET MVC 5)使用IdentityServer3.

一切正常(通过OWIN正确设置了User/Claimsprincipal)，但我无法从User获取访问令牌.

我们正在使用可以访问以下范围的隐式客户端:openid, profile, testapi

Startup.cs:

app.UseIdentityServerBearerTokenAuthentication(new IdentityServerBearerTokenAuthenticationOptions
{
    Authority = identityServerUrl,
    RequiredScopes = new[] { "testapi" },
});
app.UseCookieAuthentication(new CookieAuthenticationOptions
{
    AuthenticationType = "Cookies",
});
app.UseOpenIdConnectAuthentication(new OpenIdConnectAuthenticationOptions
{
    Authority = identityServerUrl,
    ClientId = "testclient",
    Scope = "openid profile testapi",
    RedirectUri = "http://localhost:49000/signin-oidc",
    ResponseType = "id_token token",
    SignInAsAuthenticationType = "Cookies",
});

用于检索访问令牌的代码(在一个控制器内部):

var user = User as ClaimsPrincipal;
var token = user.FindFirst("access_token");

用户设置正确，但令牌为空.我猜这是我在startup.cs中缺少的某种选择，但是哪个呢?

解决方案

我找到了一种完全符合我想要的解决方案的方法-我将其放在这里，以解决其他遇到问题的人.它花费了对IdentityModel的依赖，但是在我的情况下可以接受:

在Startup.cs中，我添加了:

Notifications = new OpenIdConnectAuthenticationNotifications
{
    AuthorizationCodeReceived = async n =>
    {
        var tokenClient = new TokenClient(identityServerUrl + "/connect/token", clientId, secret);
        var tokenResponse = await tokenClient.RequestAuthorizationCodeAsync(n.Code, n.RedirectUri);
        HttpContext.Current.Session[HttpUserContext.ACCESS_TOKEN] = tokenResponse.AccessToken;
    }
}

前往.UseOpenIdConnectAuthentication

的呼叫

We're using IdentityServer4 for our IdentityServer and IdentityServer3 for the client (ASP.NET MVC 5).

Everything works (the User/Claimsprincipal is set correctly through OWIN) except I cannot get the access token from the User.

We're using a implicit client which has access to these scopes: openid, profile, testapi

Startup.cs:

app.UseIdentityServerBearerTokenAuthentication(new IdentityServerBearerTokenAuthenticationOptions
{
    Authority = identityServerUrl,
    RequiredScopes = new[] { "testapi" },
});
app.UseCookieAuthentication(new CookieAuthenticationOptions
{
    AuthenticationType = "Cookies",
});
app.UseOpenIdConnectAuthentication(new OpenIdConnectAuthenticationOptions
{
    Authority = identityServerUrl,
    ClientId = "testclient",
    Scope = "openid profile testapi",
    RedirectUri = "http://localhost:49000/signin-oidc",
    ResponseType = "id_token token",
    SignInAsAuthenticationType = "Cookies",
});

Code to retrieve Access Token (inside one of the controllers):

var user = User as ClaimsPrincipal;
var token = user.FindFirst("access_token");

User is set correctly, but the token is null. I am guessing it is some kind of option that I am missing in the startup.cs, but which?

解决方案

I found a solution that does exactly what I want - I'm putting it here for anyone else running into the problem. It costs a dependency on IdentityModel, but that is acceptable in my case:

In Startup.cs, I added:

Notifications = new OpenIdConnectAuthenticationNotifications
{
    AuthorizationCodeReceived = async n =>
    {
        var tokenClient = new TokenClient(identityServerUrl + "/connect/token", clientId, secret);
        var tokenResponse = await tokenClient.RequestAuthorizationCodeAsync(n.Code, n.RedirectUri);
        HttpContext.Current.Session[HttpUserContext.ACCESS_TOKEN] = tokenResponse.AccessToken;
    }
}

To the call to .UseOpenIdConnectAuthentication

这篇关于填充的用户中没有访问令牌(要求原则)的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持！