Get name and email claim using IdentityServer from Google auth (SPA)
I'm new to using Identity Server for SPA auth but I started following this example: Authentication and authorization for SPAs and with some tinkering I've now also added Google auth. However, I'm having trouble getting the external Google claims merged into my application's claims (for example: given_name).
I've verified that Google does send back the appropriate claims but nothing seems to map those claims, e.g. options.ClaimActions.MapJsonKey(ClaimTypes.GivenName, "given_name");. When I access one of my protected endpoints my claims do not include any of the additional Google claims.
I did find some additional documentation, Persist additional claims..., which tells me to add the claim in OnPostConfirmationAsync (Account/ExternalLogin.cshtml.cs) but since this is an SPA that page doesn't exist. Is there another approach to this? I haven't been able to find much that doesn't use the Page / OnPostConfirmationAsync.
Thanks
Including relevant details from my Startup.cs in case I'm doing something wrong here:
I've tried a few different variants from other examples I've found but
// Inside Startup.ConfigureServices
// (needs: using System.Security.Claims; using Microsoft.AspNetCore.Authentication;)
services
    .AddDefaultIdentity<AppUser>(options => options.SignIn.RequireConfirmedAccount = true)
    .AddRoles<AppRole>()
    .AddEntityFrameworkStores<ApplicationDbContext>()
    .AddDefaultTokenProviders();

services.AddIdentityServer()
    .AddApiAuthorization<AppUser, ApplicationDbContext>();

services
    .AddAuthentication()
    .AddIdentityServerJwt()
    .AddGoogle(options =>
    {
        options.ClientId = Configuration["Auth:Google:ClientId"];
        options.ClientSecret = Configuration["Auth:Google:ClientSecret"];
        options.AuthorizationEndpoint += "?prompt=consent"; // Hack so we always get a refresh token, it only comes on the first authorization response
        options.AccessType = "offline";
        options.SaveTokens = true;
        options.Scope.Add("https://www.googleapis.com/auth/userinfo.email");
        options.Scope.Add("https://www.googleapis.com/auth/userinfo.profile");
        // Maps the "given_name" key of Google's user-info JSON onto the external identity
        options.ClaimActions.MapJsonKey(ClaimTypes.GivenName, "given_name");
    });
And my API is simply:
[Authorize()]
[Route("test")]
public IActionResult Test()
{
    // Dump every claim on the authenticated user as "type: value"
    var all = User.Claims.Select(s => $"{s.Type}: {s.Value}");
    return Ok(all);
}
The only way I've been able to handle this is to scaffold the needed ExternalLogin page (like @d_f mentioned in the question's comments) and then continue following the Persist additional claims steps. I was hoping I could just set a collection of claims to keep in my Startup file and it would work but Identity Server just uses its internal ExternalLogin (Microsoft.AspNetCore.Identity.UI.V4.Pages.Account.Internal) and the code there doesn't handle adding external claims. This works for now but I would prefer a way of not needing to scaffold the ExternalLogin page.
I tried asking for clarification on the official docs but my question was closed (instead they suggested I ask on StackOverflow - lol). However, there seems to be some work being done on improving the docs and flowing the claims through. If interested, you can dig through this GitHub issue: https://github.com/dotnet/AspNetCore.Docs/issues/16488
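One way to do the persist step in the scaffolded ExternalLogin page while copying only an allowlist of claim types from the external principal, so that nothing else the provider sends ends up in the local user store. This is an added example, not the poster's code or Microsoft's; the class name, the allowlist and the sample values are assumptions, and _userManager, user and info are the names assumed from the scaffolded page.

```csharp
using System;
using System.Collections.Generic;
using System.Linq;
using System.Security.Claims;

public static class ExternalClaimFilter
{
    // Claim types this app agrees to copy from the external provider (assumed list).
    private static readonly HashSet<string> Allowed = new HashSet<string>
    {
        ClaimTypes.GivenName,
        ClaimTypes.Surname,
        ClaimTypes.Email,
    };

    // Returns fresh claims (type and value only) for allowlisted types,
    // one per type, skipping empty values.
    public static List<Claim> SelectPersistable(ClaimsPrincipal external)
    {
        return external.Claims
            .Where(c => Allowed.Contains(c.Type) && !string.IsNullOrWhiteSpace(c.Value))
            .GroupBy(c => c.Type)
            .Select(g => new Claim(g.Key, g.First().Value.Trim()))
            .ToList();
    }
}

public static class Demo
{
    public static void Main()
    {
        // Constructed sample standing in for info.Principal after the Google callback.
        var identity = new ClaimsIdentity(new[]
        {
            new Claim(ClaimTypes.GivenName, "Ada"),
            new Claim(ClaimTypes.Email, "ada@example.com"),
            new Claim(ClaimTypes.Role, "Admin"), // not on the allowlist, so it is dropped
        }, "Google");

        foreach (var c in ExternalClaimFilter.SelectPersistable(new ClaimsPrincipal(identity)))
            Console.WriteLine($"{c.Type}: {c.Value}");

        // In the scaffolded ExternalLogin.cshtml.cs, after the user has been created:
        //   await _userManager.AddClaimsAsync(user, ExternalClaimFilter.SelectPersistable(info.Principal));
    }
}
```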