贴出主要代码(以下源码的位置位于:IdentityServer4.Services.DefaultClaimsService)

        /// <summary>

        /// Returns claims for an identity token

        /// </summary>

        /// <param name="subject">The subject</param>

        /// <param name="resources">The requested resources</param>

        /// <param name="includeAllIdentityClaims">Specifies if all claims should be included in the token, or if the userinfo endpoint can be used to retrieve them</param>

        /// <param name="request">The raw request</param>

        /// <returns>

        /// Claims for the identity token

        /// </returns>

        public virtual async Task<IEnumerable<Claim>> GetIdentityTokenClaimsAsync(ClaimsPrincipal subject, Resources resources, bool includeAllIdentityClaims, ValidatedRequest request)

        {

            Logger.LogDebug("Getting claims for identity token for subject: {subject} and client: {clientId}",

                subject.GetSubjectId(),

                request.Client.ClientId);

            var outputClaims = new List<Claim>(GetStandardSubjectClaims(subject));

            outputClaims.AddRange(GetOptionalClaims(subject));

            // fetch all identity claims that need to go into the id token

            if (includeAllIdentityClaims || request.Client.AlwaysIncludeUserClaimsInIdToken)

            {

                var additionalClaimTypes = new List<string>();

                foreach (var identityResource in resources.IdentityResources)

                {

                    foreach (var userClaim in identityResource.UserClaims)

                    {

                        additionalClaimTypes.Add(userClaim);

                    }

                }

                // filter so we don't ask for claim types that we will eventually filter out

                additionalClaimTypes = FilterRequestedClaimTypes(additionalClaimTypes).ToList();

                var context = new ProfileDataRequestContext(

                    subject,

                    request.Client,

                    IdentityServerConstants.ProfileDataCallers.ClaimsProviderIdentityToken,

                    additionalClaimTypes);

                await Profile.GetProfileDataAsync(context);

                var claims = FilterProtocolClaims(context.IssuedClaims);

                if (claims != null)

                {

                    outputClaims.AddRange(claims);

                }

            }

            else

            {

                Logger.LogDebug("In addition to an id_token, an access_token was requested. No claims other than sub are included in the id_token. To obtain more user claims, either use the user info endpoint or set AlwaysIncludeUserClaimsInIdToken on the client configuration.");

            }

            return outputClaims;

        }

        /// <summary>

        /// Returns claims for an identity token.

        /// </summary>

        /// <param name="subject">The subject.</param>

        /// <param name="resources">The requested resources</param>

        /// <param name="request">The raw request.</param>

        /// <returns>

        /// Claims for the access token

        /// </returns>

        public virtual async Task<IEnumerable<Claim>> GetAccessTokenClaimsAsync(ClaimsPrincipal subject, Resources resources, ValidatedRequest request)

        {

            Logger.LogDebug("Getting claims for access token for client: {clientId}", request.Client.ClientId);

            // add client_id

            var outputClaims = new List<Claim>

            {

                new Claim(JwtClaimTypes.ClientId, request.Client.ClientId)

            };

            // check for client claims

            if (request.ClientClaims != null && request.ClientClaims.Any())

            {

                if (subject == null || request.Client.AlwaysSendClientClaims)

                {

                    foreach (var claim in request.ClientClaims)

                    {

                        var claimType = claim.Type;

                        if (request.Client.PrefixClientClaims)

                        {

                            claimType = "client_" + claimType;

                        }

                        outputClaims.Add(new Claim(claimType, claim.Value, claim.ValueType));

                    }

                }

            }

            // add scopes

            foreach (var scope in resources.IdentityResources)

            {

                outputClaims.Add(new Claim(JwtClaimTypes.Scope, scope.Name));

            }

            foreach (var scope in resources.ApiResources.SelectMany(x => x.Scopes))

            {

                outputClaims.Add(new Claim(JwtClaimTypes.Scope, scope.Name));

            }

            // a user is involved

            if (subject != null)

            {

                if (resources.OfflineAccess)

                {

                    outputClaims.Add(new Claim(JwtClaimTypes.Scope, IdentityServerConstants.StandardScopes.OfflineAccess));

                }

                Logger.LogDebug("Getting claims for access token for subject: {subject}", subject.GetSubjectId());

                outputClaims.AddRange(GetStandardSubjectClaims(subject));

                outputClaims.AddRange(GetOptionalClaims(subject));

                // fetch all resource claims that need to go into the access token

                var additionalClaimTypes = new List<string>();

                foreach (var api in resources.ApiResources)

                {

                    // add claims configured on api resource

                    if (api.UserClaims != null)

                    {

                        foreach (var claim in api.UserClaims)

                        {

                            additionalClaimTypes.Add(claim);

                        }

                    }

                    // add claims configured on scope

                    foreach (var scope in api.Scopes)

                    {

                        if (scope.UserClaims != null)

                        {

                            foreach (var claim in scope.UserClaims)

                            {

                                additionalClaimTypes.Add(claim);

                            }

                        }

                    }

                }

                // filter so we don't ask for claim types that we will eventually filter out

                additionalClaimTypes = FilterRequestedClaimTypes(additionalClaimTypes).ToList();

                var context = new ProfileDataRequestContext(

                    subject,

                    request.Client,

                    IdentityServerConstants.ProfileDataCallers.ClaimsProviderAccessToken,

                    additionalClaimTypes.Distinct());

                await Profile.GetProfileDataAsync(context);

                var claims = FilterProtocolClaims(context.IssuedClaims);

                if (claims != null)

                {

                    outputClaims.AddRange(claims);

                }

            }

            return outputClaims;

        }

  

简易总结:

AccessToken
从ApiResource中的UserClaims和Scopes.UserClaims中提取返回的Claims类型,构建一个上下文,再调用Profile.GetProfileDataAsync()获取,根据上面提取的Claims类型限制最终返回的Claims

IdentityToken
从IdentityResource的UserClaims中提取返回的Claims类型,构建一个上下文,再调用Profile.GetProfileDataAsync()获取,根据上面提取的Claims类型限制最终返回的Claims
在IdentityResource.UserClaims中设置的内容需要将Client.AlwaysIncludeUserClaimsInIdToken设置为true

GetIdentityTokenClaimsAsync的includeAllIdentityClaims参数只有在只请求IdToken的时候会被设置成true,
官方解释:if no access token is requested, then we need to include all the claims in the id token

IdentityServer4中AccessToken和IdentityToken中包含的Claims构成的更多相关文章

  1. 判断DataTale中判断某个字段中包含某个数据

    // <summary> /// 判断DataTale中判断某个字段中包含某个数据 /// </summary> /// <param name="dt&quo ...

  2. 转载:C++中两个类中互相包含对方对象的指针问题

    原文链接:http://www.cnblogs.com/hanxi/archive/2012/07/25/2608068.html 前几天很不爽,因为C++中两个类中互相包含对方对象的指针编译时提示某 ...

  3. 多态时最好将基类的析构函数设为virtual、 C++中两个类相互包含引用问题 (转载)

    多态:http://blog.csdn.net/tmljs1988/article/details/8146521 C++中两个类相互包含引用问题:http://blog.csdn.net/leo11 ...

  4. struts 2中为什么抽象包不能包含action?

    struts 2中为什么抽象包不能包含action?麻烦写详细点!

  5. sql中同一个Trigger里同时包含Insert,Update,Delete

    sql中同一个Trigger里同时包含Insert,Update,Delete SQLServer是靠Inserted表和Deleted表来处理的,判断一下就可以了,只不过比ORACLE麻烦一点 cr ...

  6. IdentityServer4在Asp.Net Core中的应用(三)

    今天的内容是授权模式中的简化模式,还是先看以下授权流程图: 在这种模式中我们将与OpenID结合使用,所以首先我们要了解OpenID和OAuth的区别,关于他们的区别,在我上一篇博客<理解Ope ...

  7. OpenCV - Android Studio 中集成Opencv环境(包含opencv_contrib部分)

    我在上一篇博客中说到了在Android中集成OpenCV,但是那个版本的OpenCV是没有SIFT和SURF算法的,因为这些算法是受专利保护的,所以并没有被包含在预编译库中,所以如果想要使用SIFT和 ...

  8. C++中两个类相互包含引用问题

    在构造自己的类时,有可能会碰到两个类之间的相互引用问题,例如:定义了类A类B,A中使用了B定义的类型,B中也使用了A定义的类型 class A { int i; B b; } class B { in ...

  9. Java中list集合ArrayList 中contains包含的使用

    Java中list集合ArrayList 中contains包含的使用 https://blog.csdn.net/qq_38556611/article/details/78774690

随机推荐

  1. 方程式ETERNALBLUE 之fb.py的复现

    原文链接:https://www.t00ls.net/viewthread.php?tid=39343

  2. 对Http协议基本原理的理解

    超文本传输协议 超文本传输协议(HTTP,HyperText Transfer Protocol)是互联网上应用最为广泛的一种网络传输协议,所有的WWW文件都必须遵守这个标准.设计HTTP最初的目的是 ...

  3. fiddler 修改

    很多新手学习fiddler抓包的同学们都会对https网站抓包难或者抓不起来的问题无所适从,想寻求解决办法,没问题,这节课就来解决你的疑问! 最典型的网站就是目前的百度网站了,百度在近些年采用了htt ...

  4. [No0000D1]WPF—TreeView无限极绑定集合形成树结构

    1.如图所示:绑定树效果图 2.前台Xaml代码: <Window x:Class="WpfTest.MainWindow" xmlns="http://schem ...

  5. spark组件笔记

    SparkContext 中最重要的3个组建: 1 TaskScheduler (包含两个内容,TaskSchedulerImpl和SparkDeploySchedulerBackend)-用于向Ma ...

  6. IDEA为了使用方便,需要改的几条配置

    自动编译开关 在Eclipse中自动编译开关是开着的,如下所示那么,在IDEA中,务必要手动将其打开,非常重要! 忽略大小写开关 IDEA默认是匹配大小写,此开关如果未关.你输入字符一定要符合大小写. ...

  7. sql中遍历字符串

    在sql或者存储过程中会需要遍历字符串. ), --如111,222,333,尾部加, ), @Id int, ) set @split = ',' ) begin ,) ,charindex(@sp ...

  8. ORACLE——存储过程

    存储过程procedure 被内容来自<oracle从入门到精通——明日科技>一书 存储过程是一种命名的PL/SQL程序快,存储过程被保存在数据库中,它不可以被SQL语句直接执行或调用,只 ...

  9. repo 获取各个库的tag代码或者分支代码

    关于mainfest.xml中的参数格式和说明,可以自己查阅,此处不详细写,我们知道project中的reversion可以指定分支,tag,commitid等,那么如何书写呢? 首先克隆mainfe ...

  10. PHP----------安装包lnmp1.3-full安装的lnmp环境,如何安装PHP扩展

    1. 如果已经安装LNMP套件,请按以下步骤处理 a. 跳转到fileinfo源代码目录` cd /root/downloads/lnmp1.2-full/src/php-7.0.7/ext/file ...