Saya telah menambahkan Klien saya ke aplikasi penyedia identitas IdentityServer4.
new Client
{
ClientId = "mvc4Simple",
ClientName = "MVC 4 Web Client",
AllowedGrantTypes = GrantTypes.HybridAndClientCredentials,
AllowAccessTokensViaBrowser = true,
RequireConsent = false,
ClientSecrets =
{
new Secret("secret".Sha256())
},
AlwaysIncludeUserClaimsInIdToken=true,
AlwaysSendClientClaims=true,
RedirectUris = { "https://localhost:44347/signin-oidc" },
PostLogoutRedirectUris = { "https://localhost:44347/signout-callback-oidc" },
AllowedScopes = new List<string>
{
IdentityServerConstants.StandardScopes.OpenId,
IdentityServerConstants.StandardScopes.Profile,
IdentityServerConstants.StandardScopes.Email
},
AllowOfflineAccess = true,
RequirePkce = false,
AllowPlainTextPkce = false
}
Dan IdentityResources seperti itu
public static IEnumerable<IdentityResource> GetIdentityResources()
{
return new List<IdentityResource>
{
new IdentityResources.OpenId(),
new IdentityResources.Profile(),
new IdentityResources.Email()
};
}
Dan TestUser saya seperti itu
new TestUser
{
SubjectId = "12345678",
Username = "John",
Password = "12345",
Claims = new List<Claim> {
new Claim(ClaimTypes.Email, "[email protected]"),
new Claim(ClaimTypes.Role, "admin")
}
}
Dan klien saya adalah aplikasi asp.net MVC sederhana. Konfigurasi kliennya seperti itu
[assembly: OwinStartup(typeof(MVCSimple.Startup))]
namespace MVCSimple
{
public partial class Startup
{
public void Configuration(IAppBuilder app)
{
JwtSecurityTokenHandler.DefaultInboundClaimTypeMap =
new Dictionary<string, string>();
app.UseCookieAuthentication(new CookieAuthenticationOptions
{
AuthenticationType = "cookie"
});
app.UseOpenIdConnectAuthentication(new OpenIdConnectAuthenticationOptions
{
AuthenticationType = "oidc",
Authority = "https://localhost:44316",
ClientId = "mvc4Simple",
ClientSecret = "secret",
ResponseType = "code id_token",
Scope = "openid profile",
UseTokenLifetime = false,
RedirectUri = "https://localhost:44347/signin-oidc",
PostLogoutRedirectUri = "https://localhost:44347/signout-callback-oidc",
SignInAsAuthenticationType = "cookie",
Notifications = new OpenIdConnectAuthenticationNotifications
{
SecurityTokenValidated = context =>
{
context.AuthenticationTicket.Identity.AddClaim(new
Claim(ClaimTypes.NameIdentifier, context.ProtocolMessage.IdToken));
return Task.FromResult(0);
},
RedirectToIdentityProvider = n =>
{
if (n.ProtocolMessage.RequestType ==
Microsoft.IdentityModel.Protocols.OpenIdConnect.OpenIdConnectRequestType.Logout)
{
var idTokenHint = n.OwinContext.Authentication.User.FindFirst("id_token");
if (idTokenHint != null)
{
n.ProtocolMessage.IdTokenHint = idTokenHint.Value;
}
}
return Task.FromResult(0);
}
}
});
}
}
}
Otentikasi berfungsi dengan baik. Ini mengarahkan saya kembali ke aplikasi saya tetapi saya ingin tahu bagaimana saya bisa menetapkan klaim untuk TestUser saya yaitu Email dan Peran?