[英]IdentityServer3 rejecting responsetypes that appear in openid “wellknown” configuration
[英]identityserver3 openid configuration not showing all scopes
我正在阅读Identityserver3入门指南,其中提到了开放ID配置端点:
身份/。众所周知/ openid-配置
它将列出您的范围。 在他们的示例中列出:
在我的应用程序中,我创建了一个称为api的范围,当我创建客户端时,我将AllowAccessToAllScopes设置为true,但是当转到openid配置端点时,我得到了:
{
"issuer":"https://localhost:44313",
"jwks_uri":"https://localhost:44313/identity/.well-known/jwks",
"authorization_endpoint":"https://localhost:44313/identity/connect/authorize",
"token_endpoint":"https://localhost:44313/identity/connect/token",
"userinfo_endpoint":"https://localhost:44313/identity/connect/userinfo",
"end_session_endpoint":"https://localhost:44313/identity/connect/endsession",
"check_session_iframe":"https://localhost:44313/identity/connect/checksession",
"revocation_endpoint":"https://localhost:44313/identity/connect/revocation",
"introspection_endpoint":"https://localhost:44313/identity/connect/introspect",
"frontchannel_logout_supported":true,
"frontchannel_logout_session_supported":true,
"scopes_supported":[
"api"
],
"claims_supported":[
],
"response_types_supported":[
"code",
"token",
"id_token",
"id_token token",
"code id_token",
"code token",
"code id_token token"
],
"response_modes_supported":[
"form_post",
"query",
"fragment"
],
"grant_types_supported":[
"authorization_code",
"client_credentials",
"password",
"refresh_token",
"implicit"
],
"subject_types_supported":[
"public"
],
"id_token_signing_alg_values_supported":[
"RS256"
],
"code_challenge_methods_supported":[
"plain",
"S256"
],
"token_endpoint_auth_methods_supported":[
"client_secret_post",
"client_secret_basic"
]
}
如您所见,仅支持一个范围。 有人知道为什么吗? 还是我可以在那里获得所有示波器?
我想通了。 如果您查看我提供的链接,那么内存中的第一个示例将使用StandardScopes.All 。 我在存储库中查看了一下,并看到了它添加的作用域列表。 我决定更改ScopeStore并添加以下范围,如下所示:
public class ScopeStore: IScopeStore
{
private readonly DbContext _context;
public ScopeStore(DbContext context)
{
_context = context;
}
public async Task<IEnumerable<IdentityServer3.Core.Models.Scope>> FindScopesAsync(IEnumerable<string> scopeNames)
{
var models = await List().Where(m => scopeNames.Contains(m.Name)).ToListAsync();
return AddStandardScopes(models);
}
public async Task<IEnumerable<IdentityServer3.Core.Models.Scope>> GetScopesAsync(bool publicOnly = true)
{
var models = await List(publicOnly).ToListAsync();
return AddStandardScopes(models);
}
/// <summary>
/// Gets a list of Scopes
/// </summary>
/// <param name="publicOnly">A boolean to show public scopes or not</param>
/// <returns>The matched Scopes</returns>
public IQueryable<IdentityServer3.EntityFramework.Entities.Scope> List(bool publicOnly = true, params string[] includes)
{
var models = _context.Set<IdentityServer3.EntityFramework.Entities.Scope>();
if (publicOnly)
return models.Where(m => m.ShowInDiscoveryDocument);
return models;
}
private IEnumerable<IdentityServer3.Core.Models.Scope> AddStandardScopes(IEnumerable<IdentityServer3.EntityFramework.Entities.Scope> scopes)
{
var models = scopes.Select(m => m.ToModel()).ToList();
models.AddRange(StandardScopes.All.ToList());
return models;
}
}
完成此操作后,当我返回到配置页面时,所有作用域都将列出,最终我可以获得用户信息。
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.