IdentityServer4：您如何包含其他聲明並獲取API控制器中的值？

Question

如何在索賠中包含電子郵件並通過API控制器獲取電子郵件的價值？

IdentityServer4樣品：https://github.com/IdentityServer/IdentityServer4.Samples/tree/release/Quickstarts/8_EntityFrameworkStorage

API IdentityController https://github.com/IdentityServer/IdentityServer4.Samples/blob/release/Quickstarts/8_EntityFrameworkStorage/src/Api/Controllers/IdentityController.cs

爲TestUser https://github.com/IdentityServer/IdentityServer4.Samples/blob/release/Quickstarts/8_EntityFrameworkStorage/src/QuickstartIdentityServer/Quickstart/TestUsers.cs

Answer 1

當你定義的API資源（在Config.cs看看），你可以這樣做：

new ApiResource 
{ 
    Name = "api", 
    DisplayName = "My API", 

    UserClaims = 
    { 
     JwtClaimTypes.Id, 
     JwtClaimTypes.Subject, 
     JwtClaimTypes.Email 
    } 
} 

它定義你的API將會收到這些聲明。

編輯：

如果添加關聯資源的到GetIdentityResources功能會更好（見Config.cs）

有官方文檔中一眼就能有更好的畫面 http://docs.identityserver.io/en/release/topics/resources.html。

我給你一個完整的例子從一個個人項目：

public static IEnumerable<IdentityResource> GetIdentityResources() 
    { 
     //>Declaration 
     var lIdentityResources = new List<IdentityResource> 
     { 
      new IdentityResources.OpenId(), 
      new IdentityResources.Profile(), 
      new IdentityResources.Email() 
     }; 

     //>Processing 
     foreach (var lAPIResource in GetApiResources()) 
     { 
      lIdentityResources.Add(new IdentityResource(lAPIResource.Name, 
                 lAPIResource.UserClaims)); 
     } 

     //>Return 
     return lIdentityResources; 
    } 

    public static IEnumerable<ApiResource> GetApiResources() 
    { 
     return new List<ApiResource> 
     { 
      new ApiResource 
      { 
       Name = "api1", 
       DisplayName = "api1 API", 

       UserClaims = 
       { 
        JwtClaimTypes.Id, 
        JwtClaimTypes.Subject, 
        JwtClaimTypes.Email 
       } 
      } 
     }; 
    }