I am testing IdentityServer4 by looking at the documentation to learn more about OAuth2, OpenID Connect, and claims-based authentication, all of which I'm new to. However, some of the code examples behave strangely, and I cannot understand why ...
Therefore, based on my understanding, when granting permission to access user data, the client can turn to the UserInfo endpoint, which contains data, such as claims, etc.
IdentityServer4 even has a parameter, GetClaimsFromUserInfoEndpoint, that the documentation recommends setting to true.
So, I follow the IdentityServer4 download guide, and everything works fine up to a point. This Quickstart contains the provided code sample, although I assume that I am missing something obvious and see that the code is not required.
Based on the OpenID configuration page of the running server, the userinfo endpoint is located at http://localhost:5000/connect/userinfo, and when I try to access it through the browser, I see a navigator that claims to be logged in, but the body of the page is a hint for entry. It looks weird, but I assume this is because I logged in to localhost:5000 (IdentityServer4), but I am not sending the userId token I received for the client to localhost:5002.
So, I wrote the following code in my client application:
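    public async Task<IActionResult> GetData()
    {
        // Read the access token saved for the current session; await it
        // instead of blocking on .Result inside an async action.
        var accessToken = await HttpContext.Authentication.GetTokenAsync("access_token");

        using (var client = new HttpClient())
        {
            // Send the token as an "Authorization: Bearer" header.
            client.SetBearerToken(accessToken);
            var userInfo = await client.GetStringAsync("http://localhost:5000/connect/userinfo");
            return Content(userInfo);
        }
    }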
, GetTokenAsync ( "access_token" ) , , API. , , IdentityServer .
, UserInfo?
: ,
, , , :
    UserInfoClient uic = new UserInfoClient("http://localhost:5000", idToken);
    var result = await uic.GetAsync();
    return Content(JsonConvert.SerializeObject(result.Claims));
, , UserInfoClient " ", - .
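
An added example, not part of the original post: one way to call the UserInfo endpoint from the client and surface the reason when the request is refused, rather than only an exception from GetStringAsync. It assumes the endpoint URL from the post and an access token issued with the openid scope; the class and method names are hypothetical.

```csharp
using System.Net.Http;
using System.Net.Http.Headers;
using System.Threading.Tasks;

// Hypothetical helper, not IdentityServer4 or IdentityModel code.
public static class UserInfoProbe
{
    // One shared HttpClient: creating one per request can exhaust sockets.
    private static readonly HttpClient Http = new HttpClient();

    // Calls the UserInfo endpoint with the access token as a bearer credential
    // (OpenID Connect Core, section 5.3). Returns the claims JSON on success,
    // otherwise the status code and the server's stated reason.
    public static async Task<string> GetUserInfoAsync(string userInfoUrl, string accessToken)
    {
        if (string.IsNullOrEmpty(accessToken))
            return "No access token is available in the current session.";

        using (var request = new HttpRequestMessage(HttpMethod.Get, userInfoUrl))
        {
            request.Headers.Authorization = new AuthenticationHeaderValue("Bearer", accessToken);
            request.Headers.Accept.Add(new MediaTypeWithQualityHeaderValue("application/json"));

            using (var response = await Http.SendAsync(request))
            {
                if (response.IsSuccessStatusCode)
                    return await response.Content.ReadAsStringAsync();

                // RFC 6750: a refused bearer token is explained in the
                // WWW-Authenticate header, for example error="invalid_token"
                // or error="insufficient_scope". The token itself is never
                // echoed into the returned message.
                var challenge = string.Join(", ", response.Headers.WwwAuthenticate);
                return $"{(int)response.StatusCode} {response.StatusCode}: {challenge}";
            }
        }
    }
}
```

From the controller action this would be called as `await UserInfoProbe.GetUserInfoAsync("http://localhost:5000/connect/userinfo", accessToken)`.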