如何删除访问令牌中未使用的声明?
-
ABP框架版本: v5.2.2
-
用户界面类型:Angular
-
数据库提供者:EF Core
-
分层(MVC)或 Identity Server 分离(Angular):是/否
-
异常消息和堆栈跟踪:
-
重现问题的步骤:
嗨,我想删除访问令牌中的 unique_name 和 preferred_username 声明,但不知道该怎么做。我试过删除 Api Resources 中的所有声明,但这些声明仍然存在。
知道如何删除它吗?
-
maliming 创建 4月之前
支持团队
你好
您可以添加一个新的 IAbpClaimsPrincipalContributor,在其中从 context.ClaimsPrincipal.Identities.FirstOrDefault() 删除一些声明。
https://docs.abp.io/en/abp/latest/Authorization#claims-principal-factory
-
nhontran 创建 4月之前
嗨@maliming,我已经尝试过,但它不起作用,声明列表中没有返回这两个声明:
/// <summary>
/// ABP claims-principal contributor that strips the <c>unique_name</c> and
/// <c>preferred_username</c> claims from the first identity of the principal being built.
/// </summary>
public class CustomClaimsPrincipalContributor : IAbpClaimsPrincipalContributor, ITransientDependency
{
    // Claim types removed from the primary identity, in the order they are processed.
    private static readonly string[] ClaimTypesToStrip = { "unique_name", "preferred_username" };

    /// <summary>
    /// Removes the first occurrence of each claim type in <see cref="ClaimTypesToStrip"/>
    /// from <c>context.ClaimsPrincipal.Identities.FirstOrDefault()</c>; a no-op when the
    /// principal has no identity or the claim is absent.
    /// </summary>
    /// <param name="context">Contributor context carrying the principal under construction.</param>
    public Task ContributeAsync(AbpClaimsPrincipalContributorContext context)
    {
        var primaryIdentity = context.ClaimsPrincipal.Identities.FirstOrDefault();
        if (primaryIdentity is null)
        {
            return Task.CompletedTask;
        }

        foreach (var claimType in ClaimTypesToStrip)
        {
            // FindFirst yields null when the claim is missing (the author reports these two
            // are not present at this point); TryRemoveClaim tolerates a null argument.
            var claimToRemove = primaryIdentity.FindFirst(claimType);
            primaryIdentity.TryRemoveClaim(claimToRemove);
        }

        return Task.CompletedTask;
    }
}
- 0 maliming 创建 4月之前 支持团队
-
nhontran 创建 4月之前
嗨@maliming,你检查的是哪个版本?它在 5.2.2 版上不起作用。
你能查一下并告诉我吗?谢谢。
-
maliming 创建 4月之前
支持团队
你好
> 它不适用于 5.2.2 版。
请创建一个 5.2.2 项目并重现问题,然后与我分享。谢谢
-
maliming 创建 4月之前
支持团队
你好
/// <summary>
/// Registers <see cref="MyUserClaimsFactory{TUser}"/> in place of the currently registered
/// <see cref="IUserClaimsPrincipalFactory{TUser}"/> for <see cref="IdentityUser"/>, so the claims
/// that end up in issued tokens are produced by the custom factory.
/// </summary>
/// <param name="context">Service configuration context whose <c>Services</c> collection is modified.</param>
public override void ConfigureServices(ServiceConfigurationContext context)
{
    var customFactory = ServiceDescriptor
        .Transient<IUserClaimsPrincipalFactory<IdentityUser>, MyUserClaimsFactory<IdentityUser>>();

    // Replace rather than Add: the interface already has a registration, and the custom
    // descriptor must take its place instead of being appended after it.
    context.Services.Replace(customFactory);
}
using System;
using System.IdentityModel.Tokens.Jwt;
using System.Linq;
using System.Security.Claims;
using System.Security.Principal;
using System.Threading.Tasks;
using IdentityModel;
using Microsoft.AspNetCore.Identity;
using Volo.Abp.DependencyInjection;
using Volo.Abp.Security.Claims;
using IdentityUser = Volo.Abp.Identity.IdentityUser;

namespace AbpApplicationTemplate;

/// <summary>
/// Claims-principal factory that first builds the principal with the factory exposed through
/// <c>inner</c>, then adds the JWT-style claims (<c>sub</c>, <c>preferred_username</c>,
/// <c>unique_name</c>, <c>name</c>, <c>email</c>/<c>email_verified</c>,
/// <c>phone_number</c>/<c>phone_number_verified</c>, <c>given_name</c>, <c>family_name</c>)
/// and finally hands the principal to <see cref="IAbpClaimsPrincipalFactory"/>.
/// To keep a claim out of issued tokens, delete the corresponding <c>AddIfNotContains</c> call.
/// </summary>
/// <typeparam name="TUser">Identity user type handled by the wrapped <see cref="UserManager{TUser}"/>.</typeparam>
public class MyUserClaimsFactory<TUser> : IUserClaimsPrincipalFactory<TUser> where TUser : class
{
    private readonly IObjectAccessor<IUserClaimsPrincipalFactory<TUser>> _inner;
    private readonly UserManager<TUser> _userManager;
    private readonly ICurrentPrincipalAccessor _currentPrincipalAccessor;
    private readonly IAbpClaimsPrincipalFactory _abpClaimsPrincipalFactory;

    public MyUserClaimsFactory(
        IObjectAccessor<IUserClaimsPrincipalFactory<TUser>> inner,
        UserManager<TUser> userManager,
        ICurrentPrincipalAccessor currentPrincipalAccessor,
        IAbpClaimsPrincipalFactory abpClaimsPrincipalFactory)
    {
        _inner = inner;
        _userManager = userManager;
        _currentPrincipalAccessor = currentPrincipalAccessor;
        _abpClaimsPrincipalFactory = abpClaimsPrincipalFactory;
    }

    /// <summary>
    /// Creates the principal for <paramref name="user"/>. The claims are added to the first
    /// identity of the principal returned by the inner factory, in the order listed on the class.
    /// </summary>
    /// <param name="user">User the principal is created for.</param>
    /// <returns>The principal produced by the inner factory, with the additional claims applied.</returns>
    public async Task<ClaimsPrincipal> CreateAsync(TUser user)
    {
        var principal = await _inner.Value.CreateAsync(user);
        var identity = principal.Identities.First();

        await EnsureSubjectClaimAsync(identity, user);

        var username = await _userManager.GetUserNameAsync(user);
        ReplaceUserNameClaim(identity, username);

        if (!identity.HasClaim(c => c.Type == JwtClaimTypes.Name))
        {
            identity.AddIfNotContains(new Claim(JwtClaimTypes.Name, username));
        }

        await AddEmailClaimsAsync(identity, user);
        await AddPhoneNumberClaimsAsync(identity, user);
        AddPersonNameClaims(identity, user);

        // Let ABP's own claims-principal factory see the identity built so far; the principal
        // is modified in place, so its return value is not needed.
        using (_currentPrincipalAccessor.Change(identity))
        {
            await _abpClaimsPrincipalFactory.CreateAsync(principal);
        }

        return principal;
    }

    /// <summary>Adds a <c>sub</c> claim holding the user id when the identity has none.</summary>
    private async Task EnsureSubjectClaimAsync(ClaimsIdentity identity, TUser user)
    {
        if (identity.HasClaim(c => c.Type == JwtClaimTypes.Subject))
        {
            return;
        }

        var userId = await _userManager.GetUserIdAsync(user);
        identity.AddIfNotContains(new Claim(JwtClaimTypes.Subject, userId));
    }

    /// <summary>
    /// Swaps the Identity username claim (type <c>Options.ClaimsIdentity.UserNameClaimType</c>)
    /// for <c>preferred_username</c> and <c>unique_name</c>. Removing either
    /// <c>AddIfNotContains</c> line here keeps that claim out of the token.
    /// </summary>
    private void ReplaceUserNameClaim(ClaimsIdentity identity, string username)
    {
        var userNameClaimType = _userManager.Options.ClaimsIdentity.UserNameClaimType;
        var existingClaim = identity.FindFirst(c => c.Type == userNameClaimType && c.Value == username);
        if (existingClaim is null)
        {
            return;
        }

        identity.RemoveClaim(existingClaim);
        identity.AddIfNotContains(new Claim(JwtClaimTypes.PreferredUserName, username));

        // unique_name is emitted as well because of the JWT handler's claim-type mapping; see
        // https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/issues/1627
        // https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/blob/05e02b5e0383be40e45c667c12f6667d38e33fcc/src/System.IdentityModel.Tokens.Jwt/ClaimTypeMapping.cs#L52
        identity.AddIfNotContains(new Claim(JwtRegisteredClaimNames.UniqueName, username));
    }

    /// <summary>
    /// Adds <c>email</c> and <c>email_verified</c> when the user store supports e-mail and
    /// the user has a non-blank address. <c>email_verified</c> is the literal "true"/"false"
    /// typed as <see cref="ClaimValueTypes.Boolean"/>.
    /// </summary>
    private async Task AddEmailClaimsAsync(ClaimsIdentity identity, TUser user)
    {
        if (!_userManager.SupportsUserEmail)
        {
            return;
        }

        var email = await _userManager.GetEmailAsync(user);
        if (string.IsNullOrWhiteSpace(email))
        {
            return;
        }

        identity.AddIfNotContains(new Claim(JwtClaimTypes.Email, email));
        var emailConfirmed = await _userManager.IsEmailConfirmedAsync(user);
        identity.AddIfNotContains(new Claim(
            JwtClaimTypes.EmailVerified,
            emailConfirmed ? "true" : "false",
            ClaimValueTypes.Boolean));
    }

    /// <summary>
    /// Adds <c>phone_number</c> and <c>phone_number_verified</c> when the user store supports
    /// phone numbers and the user has a non-blank number; same value encoding as the e-mail pair.
    /// </summary>
    private async Task AddPhoneNumberClaimsAsync(ClaimsIdentity identity, TUser user)
    {
        if (!_userManager.SupportsUserPhoneNumber)
        {
            return;
        }

        var phoneNumber = await _userManager.GetPhoneNumberAsync(user);
        if (string.IsNullOrWhiteSpace(phoneNumber))
        {
            return;
        }

        identity.AddIfNotContains(new Claim(JwtClaimTypes.PhoneNumber, phoneNumber));
        var phoneConfirmed = await _userManager.IsPhoneNumberConfirmedAsync(user);
        identity.AddIfNotContains(new Claim(
            JwtClaimTypes.PhoneNumberVerified,
            phoneConfirmed ? "true" : "false",
            ClaimValueTypes.Boolean));
    }

    /// <summary>
    /// Adds <c>given_name</c> / <c>family_name</c> from the ABP <see cref="IdentityUser"/>
    /// Name / Surname properties; skipped entirely for any other user type.
    /// </summary>
    private static void AddPersonNameClaims(ClaimsIdentity identity, TUser user)
    {
        if (user is not IdentityUser identityUser)
        {
            return;
        }

        if (!identityUser.Name.IsNullOrEmpty())
        {
            identity.AddIfNotContains(new Claim(JwtClaimTypes.GivenName, identityUser.Name));
        }

        if (!identityUser.Surname.IsNullOrEmpty())
        {
            identity.AddIfNotContains(new Claim(JwtClaimTypes.FamilyName, identityUser.Surname));
        }
    }
}
转自 https://support.abp.io/QA/Questions/3858/How-to-remove-the-unused-claims-in-access-token
标签:AddIfNotContains,自定义,userManager,abp,JwtClaimTypes,token,new,using,identity From: https://www.cnblogs.com/wl-blog/p/17095944.html