-
Notifications
You must be signed in to change notification settings - Fork 4k
What's the right way to create a IProfileService
#2552
Comments
The design is that you indicate the expected claim types on the IdentityResource or the ApiResource if you wan those claims in the tokens. |
I do add the claims but why it filter again ? |
And Is there a sample of ExtensionGrant and custem claims in access_token ? |
Thanks for anwser my question.~~ But I'm confusing about I read this doc and now I understand except one I'm not sure. Is |
As I said before, the claims in the tokens are controlled by which UserClaims you designate when you model the IdentityResource and ApiResource. Perhaps you read the docs: http://docs.identityserver.io/en/release/topics/resources.html |
@brockallen var claimsNames = new List<string>();
claimsNames.AddRange(context.RequestedResources.IdentityResources.SelectMany(r => r.UserClaims));
claimsNames.AddRange(context.RequestedResources.ApiResources.SelectMany(r => r.UserClaims));
context.RequestedClaimTypes = claimsNames; and the // I can't insert a screenshot here :(
{
ApiResources: [
{
Name: "myApi"
//...
}
],
IdentityResources: [
{
Name:"wechat.app.openId",
UserClaims:[
"wechatminiapp-openid"
]
//...
}
]
} Is this by design ? ps: This happened in |
All set on this issue -- can we close? |
@brockallen Can you answer my last question : Why this is how I request the access_token : let response = await this._client.postFormAsync<tokenResposne>({
url:`${setting.authEndPoint}/connect/token`,
data:{
grant_type:"my extend grant type",
client_id:"myclient",
client_secret:"mysecret",
code:res.code, // this is my extend grant needed parameter
scope:"myApiScope myExtendGrantIdentityScope"
}
}); |
As I said before, RequestedClaimTypes is populated by the user claim types configured in the IdentityResource or the ApiResource. It's up to your profile service to honor or ignore that. |
@brockallen I'm confusing about the This is the my expected behavior of the
actual behavior: only grant type "Impact" has What's the reason IdentityServer can not registe a functional |
@brockallen Is this a bug or there's another class controled this .
I read this doc , and their |
There is a default one that uses the cookie as the source of claims for tokens. But if your DB contains more, then you need to implement your own since we don't know your user DB. |
The link is broken. Correct link: http://docs.identityserver.io/en/latest/topics/resources.html |
This thread has been automatically locked since there has not been any recent activity after it was closed. Please open a new issue for related bugs. |
I saw the code about
DefaultProfileService
andTestProfileService
but it seems not work properly.here's the hybrid flow log (I'm manually add the "name" claim in context.RequestedClaimTypes)
From the sourse code :
DefaultProfileService
andTestProfileService
only add claims inProfileDataRequestContext.RequestedClaimTypes
which only has value in "Implicit flow"I have service that use "Extension Grants"
here's the ProfileService I used
and the problem is that I must specify the "IdentityResource name" so it can contains the cliam in access_token
The text was updated successfully, but these errors were encountered: