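I have successfully implemented my custom OAuthAuthorizationServerProvider. But when I log in and retrieve a token, my client has no idea of the user's roles, claims, etc.
I currently added a webapi controller to return the list of the principal's claims, but I'm not really happy with that.
When requesting a token, the current response looks like this: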
{ access_token: "qefelgrebjhzefilrgo4583535",token_type: "bearer",expires_in: 59 }
Q: How can I make it return something like the following snippet?
{ access_token: "qefelgrebjhzefilrgo4583535",expires_in: 59,user: { name: 'foo',role: 'bar' } }
My progress so far
The documentation for OAuthAuthorizationServerProvider#TokenEndpoint(OAuthTokenEndpointContext) says:
Called at the final stage of a successful Token endpoint request. An application
may implement this call in order to do any final modification of the claims
being used to issue access or refresh tokens. This call may also be used
in order to add additional response parameters to the Token endpoint’s json
response body.
Solution
You are probably looking for the TokenEndpoint method override of OAuthAuthorizationServerProvider.
public override Task TokenEndpoint(OAuthTokenEndpointContext context)
{
    // Copy every ticket property into the token endpoint's JSON response.
    foreach (KeyValuePair<string, string> property in context.Properties.Dictionary)
    {
        context.AdditionalResponseParameters.Add(property.Key, property.Value);
    }

    return Task.FromResult<object>(null);
}
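The following provider is an added example, not code from the original post: it puts the user's name and role into the ticket's AuthenticationProperties at grant time and has TokenEndpoint echo only an allow-list of keys, so the response gains flat top-level `name` and `role` fields while other ticket properties (including keys the middleware adds itself, such as `.issued` and `.expires`) stay out of the response. The class name, the property keys and the `lookupRole` delegate are assumptions made for illustration.

```csharp
using System;
using System.Collections.Generic;
using System.Security.Claims;
using System.Threading.Tasks;
using Microsoft.Owin.Security;
using Microsoft.Owin.Security.OAuth;

public class UserInfoTokenProvider : OAuthAuthorizationServerProvider
{
    // Only these ticket properties are echoed to the client (key names are assumptions).
    private static readonly HashSet<string> Exposed =
        new HashSet<string>(StringComparer.Ordinal) { "name", "role" };
    // Hypothetical credential check: returns the user's role, or null when invalid.
    private readonly Func<string, string, string> _lookupRole;
    public UserInfoTokenProvider(Func<string, string, string> lookupRole) { _lookupRole = lookupRole; }

    public override Task ValidateClientAuthentication(OAuthValidateClientAuthenticationContext context)
    {
        context.Validated(); // assumption: public client, no client secret to verify
        return Task.FromResult<object>(null);
    }

    public override Task GrantResourceOwnerCredentials(OAuthGrantResourceOwnerCredentialsContext context)
    {
        string role = _lookupRole(context.UserName, context.Password);
        if (role == null)
        {
            context.SetError("invalid_grant", "The user name or password is incorrect.");
            return Task.FromResult<object>(null);
        }
        var identity = new ClaimsIdentity(context.Options.AuthenticationType);
        identity.AddClaim(new Claim(ClaimTypes.Name, context.UserName));
        identity.AddClaim(new Claim(ClaimTypes.Role, role));
        // Ticket properties are what TokenEndpoint sees later in context.Properties.
        var props = new AuthenticationProperties(new Dictionary<string, string>
            { { "name", context.UserName }, { "role", role } });
        context.Validated(new AuthenticationTicket(identity, props));
        return Task.FromResult<object>(null);
    }

    public override Task TokenEndpoint(OAuthTokenEndpointContext context)
    {
        // Echo only allow-listed keys; everything else stays server-side.
        foreach (KeyValuePair<string, string> p in context.Properties.Dictionary)
            if (Exposed.Contains(p.Key))
                context.AdditionalResponseParameters.Add(p.Key, p.Value);
        return Task.FromResult<object>(null);
    }
}
```

The echoed role is display data for the client only; the API should keep authorizing from the claims inside the access token, never from values the client sends back.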