c# - Getting claims in identity server using resource owner password


I am using IdentityServer4 authentication with the grant type 'ResourceOwnerPassword'. I am able to authenticate the user but not able to get the claims related to the user. How can I do that?

Below is my code.

Client

Startup.cs

app.UseIdentityServerAuthentication(new IdentityServerAuthenticationOptions
{
    Authority = "http://localhost:5000",
    RequireHttpsMetadata = false,
    ApiName = "api1"
});

Controller

public async Task<IActionResult> Authentication(LoginViewModel model)
{
    var disco = await DiscoveryClient.GetAsync("http://localhost:5000");

    // Request token
    var tokenClient = new TokenClient(disco.TokenEndpoint, "ro.client", "secret");
    var tokenResponse = await tokenClient.RequestResourceOwnerPasswordAsync(model.Email, model.Password, "api1");

    if (tokenResponse.IsError)
    {
        Console.WriteLine(tokenResponse.Error);
        return View(model); // return added so the method compiles; the original post omitted it
    }

    // Here I am not getting the claims; the response is Forbidden
    var extraClaims = new UserInfoClient(disco.UserInfoEndpoint);
    var identityClaims = await extraClaims.GetAsync(tokenResponse.AccessToken);
    if (!identityClaims.IsError) // the original checked tokenResponse.IsError here, not the userinfo response
    {
        Console.WriteLine(identityClaims.Json);
    }

    Console.WriteLine(tokenResponse.Json);
    Console.WriteLine("\n\n");
    return View(model); // return added so the method compiles; the original post omitted it
}

Server Startup.cs

services.AddIdentityServer()
    .AddTemporarySigningCredential()
    .AddInMemoryPersistedGrants()
    .AddInMemoryIdentityResources(Config.GetIdentityResources())
    .AddInMemoryApiResources(Config.GetApiResources())
    .AddInMemoryClients(Config.GetClients(Configuration))
    .AddAspNetIdentity<ApplicationUser>()
    .AddProfileService<IdentityProfileService>()
    .AddResourceOwnerValidator<ResourceOwnerPasswordValidator>();

Config.cs

public static IEnumerable<Client> GetClients(IConfigurationRoot configuration)
{
    return new List<Client>
    {
        // resource owner password grant client
        new Client
        {
            ClientId = "ro.client",
            AllowedGrantTypes = GrantTypes.ResourceOwnerPassword,

            ClientSecrets =
            {
                new Secret("secret".Sha256())
            },
            AlwaysSendClientClaims = true,
            AlwaysIncludeUserClaimsInIdToken = true,

            AccessTokenType = AccessTokenType.Jwt
        }
    };
}

public static IEnumerable<ApiResource> GetApiResources()
{
    return new List<ApiResource>
    {
        new ApiResource("api1", "My API")
    };
}

But when I check the access token on jwt.io I can see the claims there. Why am I not able to get them in the controller?

Any help on this is appreciated!

You can call the UserInfo endpoint, as in your example, but you can also get additional claims if you define an ApiResource requiring them.

For example, rather than defining the ApiResource as:

new ApiResource("api1", "My API")

you can use the expanded format and define the UserClaims you'd like to have when getting an access token for the scope. For example:

new ApiResource
{
    Name = "api1",
    ApiSecrets = { new Secret(*some secret*) }, // *some secret* is a placeholder in the original answer
    UserClaims =
    {
        JwtClaimTypes.Email,
        JwtClaimTypes.PhoneNumber,
        JwtClaimTypes.GivenName,
        JwtClaimTypes.FamilyName,
        JwtClaimTypes.PreferredUserName
    },
    Description = "My API",
    DisplayName = "MyApi1",
    Enabled = true,
    Scopes = { new Scope("api1") }
}

Then in your own implementation of IProfileService you'll find that calls to GetProfileDataAsync have the list of claims requested in the context (ProfileDataRequestContext.RequestedClaimTypes). Given the list of what's been asked for, you can add claims to context.IssuedClaims before the method returns. These will be part of the access token.

If you want the claims when calling the UserInfo endpoint though, you'll want to create an IdentityResource definition and have the scope included as part of the original token request. For example:

new IdentityResource
{
    Name = "myidentityscope",
    UserClaims =
    {
        JwtClaimTypes.EmailVerified,
        JwtClaimTypes.PhoneNumberVerified
    }
}

But first, fix the problem by following the other answer here so you don't get the 'forbidden' response from the UserInfo endpoint!
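The answer above says to read ProfileDataRequestContext.RequestedClaimTypes and fill context.IssuedClaims; as an added example (not code from the question or the answer), here is a hypothetical body for the IdentityProfileService that the question's server Startup registers, assuming ApplicationUser is the ASP.NET Identity user class and UserManager<ApplicationUser> is available through DI.

```csharp
using System.Collections.Generic;
using System.Linq;
using System.Security.Claims;
using System.Threading.Tasks;
using IdentityModel;
using IdentityServer4.Extensions;
using IdentityServer4.Models;
using IdentityServer4.Services;
using Microsoft.AspNetCore.Identity;

// Hypothetical body for the IdentityProfileService the question's server Startup registers
// with .AddProfileService<IdentityProfileService>(); ApplicationUser is the ASP.NET Identity user.
public class IdentityProfileService : IProfileService
{
    private readonly UserManager<ApplicationUser> _userManager;
    public IdentityProfileService(UserManager<ApplicationUser> userManager) { _userManager = userManager; }

    public async Task GetProfileDataAsync(ProfileDataRequestContext context)
    {
        // The token request (or userinfo call) identifies the user by subject id.
        var user = await _userManager.FindByIdAsync(context.Subject.GetSubjectId());
        if (user == null) return;

        // Everything we could say about the user: profile fields plus stored user claims.
        var candidates = new List<Claim>();
        if (user.Email != null) candidates.Add(new Claim(JwtClaimTypes.Email, user.Email));
        candidates.Add(new Claim(JwtClaimTypes.EmailVerified,
            user.EmailConfirmed ? "true" : "false", ClaimValueTypes.Boolean));
        if (user.PhoneNumber != null) candidates.Add(new Claim(JwtClaimTypes.PhoneNumber, user.PhoneNumber));
        candidates.Add(new Claim(JwtClaimTypes.PhoneNumberVerified,
            user.PhoneNumberConfirmed ? "true" : "false", ClaimValueTypes.Boolean));
        candidates.AddRange(await _userManager.GetClaimsAsync(user));

        // Issue only the claim types listed in the UserClaims of the requested
        // ApiResource/IdentityResource. Anything not declared there stays out of the
        // access token and the userinfo response, so scopes bound what a client can learn.
        context.IssuedClaims = candidates
            .Where(c => context.RequestedClaimTypes.Contains(c.Type))
            .ToList();
    }

    public async Task IsActiveAsync(IsActiveContext context)
    {
        // Deny tokens for deleted or locked-out accounts on every token/userinfo call.
        var user = await _userManager.FindByIdAsync(context.Subject.GetSubjectId());
        context.IsActive = user != null && !await _userManager.IsLockedOutAsync(user);
    }
}
```

With the expanded ApiResource from the answer, a token request for scope "api1" causes RequestedClaimTypes to contain email and phone_number; email_verified and phone_number_verified only appear once "myidentityscope" is also requested, which is what makes them available from the UserInfo endpoint.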
