我如何将计算字段添加到 access_token / id_token答案

【问题标题】：How i can add the calculated fields to access_token / id_token我如何将计算字段添加到 access_token / id_token
【发布时间】：2018-08-11 11:11:48
【问题描述】：

我正在使用 IdentityServer4，我想将计算字段添加到 access_token / id_token。

此类字段的示例可以是用户的 IP（或令牌绑定哈希），令牌将附加到该字段。

问：我该怎么做？

在此先感谢，抱歉英语不好。

【问题讨论】：

对不起，我不能完全理解你的问题：v
@Agent_Orange 抱歉 :)。我希望 identityServer 将登录期间收到的用户 IP 地址包含在 access_token 中。我该怎么做？
也许这可以帮助get remote IP Address of client in identity server 4
感谢您的尝试。但是这个问题对我没有帮助。

标签： c# asp.net-core oauth-2.0 identityserver4 openid-connect

【解决方案1】：

您可以通过在 UserManager 实现中创建一个方法来添加包含计算字段的声明。

public class UserManager: IUserManager
{
    ...other code here removed for simplicity

    public List<Claim> GetClaimsAsync(Models.User user)
    {
        var claims = new List<Claim>();             

        claims.Add(new Claim(JwtClaimTypes.PreferredUserName, user.USER_ID.ToString().Trim()));

        //This next line is pseudo coded and would need to be coded.
        claims.Add(new Claim("MyCalculatedIP", MyFunctionToGetUserIP().ToString().Trim()));


        return claims;
    }

    ...other code here removed for simplicity
}

从实现 IProfileService 的类中调用它。我命名了我的 ProfileService。

/// <summary>
///  implement the interface called "IProfileService", which is used for authorization.
/// </summary>
public class ProfileService : IProfileService
{
    IUserManager _myUserManager;
    private readonly ILogger<ProfileService> _logger;


    public ProfileService(ILogger<ProfileService> logger, IUserManager userManager)
    {
        _logger = logger;
        _myUserManager = userManager;
    }

    public async Task ValidateAsync(ResourceOwnerPasswordValidationContext context)
    {            
        var user = await _myUserManager.Find(context.UserName, context.Password);

        if (user != null)
        {
            context.Result = new GrantValidationResult(
                             subject: user.USER_ID,
                             authenticationMethod: "custom",
                             claims: await _myUserManager.GetClaimsAsync(user));
        }
        else
        {                 
            context.Result = new GrantValidationResult(
                             TokenRequestErrors.InvalidRequest, 
                    errorDescription: "UserName or Password Incorrect.");
        }             
    }

    public async Task GetProfileDataAsync(ProfileDataRequestContext context)
    {
        _logger.LogDebug("Get profile called for {subject} from {client} with {claimTypes} because {caller}",
            context.Subject.GetSubjectId(),
            context.Client.ClientName,
            context.RequestedClaimTypes,
            context.Caller);

        var sub = context.Subject.FindFirst("sub")?.Value;
        if (sub != null)
        {
            var user = await _myUserManager.FindByNameAsync(sub);
            var cp = getClaims(user);

            var claims = cp.Claims;                

            context.IssuedClaims = claims.ToList();
        }
    }

    private ClaimsPrincipal getClaims(User user)
    {
        if (user == null)
        {
            throw new ArgumentNullException(nameof(user));
        }

        var id = new ClaimsIdentity();

        id.AddClaims(_myUserManager.GetClaimsAsync(user));

        return new ClaimsPrincipal(id);
    }

    /// <summary>
    /// Called by IdentityServer Middleware.
    /// </summary>
    /// <param name="context"></param>
    /// <returns></returns>
    public async Task IsActiveAsync(IsActiveContext context)
    {
        var sub = context.Subject.GetSubjectId();
        var user = await _myUserManager.FindByNameAsync(sub);
        context.IsActive = user != null;
        return;
    }
}

在 Startup 类中添加 ProfileService 对象以进行依赖注入。

public void ConfigureServices(IServiceCollection services)
{
     ...other code here removed for simplicity

     Services.AddTransient<IProfileService, ProfileService>();

     ...other code here removed for simplicity
}

有用的资源 artile

【讨论】：