gpt4 book ai didi

jwt - 添加访问 token key 斗篷的声明

转载 作者:行者123 更新时间:2023-12-03 21:16:43 24 4
gpt4 key购买 nike

下面是我的用例:
我需要向访问 token 添加声明,以便我可以在对我的资源进行策略评估期间使用它。我的策略是基于 javascript 的策略,它只能访问登录用户的保留和自定义属性。
我使用以下 api 来推送声明:

curl -X POST \
http://localhost:8082/auth/realms/cms-non-prod/protocol/openid-connect/token \
-H 'Authorization: Bearer eyJhbGciOiJSXXXXXXXXXXXXXXXX' \
-H 'Cache-Control: no-cache' \
-H 'Content-Type: application/x-www-form-urlencoded' \
-H 'Postman-Token: ac020c2b-9efb-4817-81ea-61895c8775a7' \
-d 'grant_type=urn%3Aietf%3Aparams%3Aoauth%3Agrant-type%3Auma-ticket&claim_token=ewoiaW5zdGl0dXRpb25JZCI6WyJEQ0IiXQp9& claim_token_format=urn%3Aietf%3Aparams%3Aoauth%3Atoken-type%3Ajwt&client_id=indra-bff \
&client_Secret=5760582d-74ff-496c-a6c2-2530ddde6408&audience=indra-bff'

它添加了声明,但它添加到授权--> 权限--> 资源。如果我有基于 JS 的政策,我该如何阅读。
任何有关此的指示都会有所帮助。
下面是当我点击上面的 url 时得到的 token :
{
"jti": "4c00f1a4-8038-4c45-820d-23a9c9ab6d42",
"exp": 1580733917,
"nbf": 0,
"iat": 1580730317,
"iss": "http://localhost:8082/auth/realms/cms-non-prod",
"aud": "indra-bff",
"sub": "9ab2fc80-3a5c-426d-ae78-56de01d214df",
"typ": "Bearer",
"azp": "indra-bff",
"auth_time": 0,
"session_state": "2ab35757-d09d-4d52-946b-f519a1338abf",
"acr": "1",
"realm_access": {
"roles": [
"PR_DCB_RECON_ASSOCIATE",
"PR_YBL_RECON_ASSOCIATE",
"offline_access",
"uma_authorization",
"PR_DCB_RECON_MGR"
]
},
"resource_access": {
"indra-bff": {
"roles": [
"uma_protection"
]
},
"account": {
"roles": [
"manage-account",
"manage-account-links",
"view-profile"
]
}
},
"authorization": {
"permissions": [
{
"claims": {
"institutionId": [
"DCB"
]
},
"rsid": "17fdf554-8643-4741-b9a4-13309e830b6f",
"rsname": "Default Resource"
},
{
"scopes": [
"DELETE",
"POST",
"GET",
"PUT",
"PATCH"
],
"claims": {
"institutionId": [
"DCB"
]
},
"rsid": "56cabb7c-76a1-4260-bd9f-d5494458c6bf",
"rsname": "adjustment"
},
{
"scopes": [
"DELETE",
"POST",
"GET",
"PUT",
"PATCH"
],
"claims": {
"institutionId": [
"DCB"
]
},
"rsid": "70297346-8010-4c1d-91b1-9bc22edd3061",
"rsname": "chargeback"
}
]
},
"scope": "profile email",
"institution": "UNKNOWN",
"email_verified": false,
"preferred_username": "siva",
"email": "siva@goniyo.com"
}

谢谢你的帮助。
干杯,

最佳答案

此方法如果用于 UI。在您的领域中,选择您的客户。对于该客户端,转到“映射器”选项,然后单击“创建”。您可以将映射器类型设为“用户属性”并选择选项以将属性添加到 ID token 、访问 token 和用户信息。这里添加的属性应该存在于用户身上。
example settings

关于jwt - 添加访问 token key 斗篷的声明,我们在Stack Overflow上找到一个类似的问题: https://stackoverflow.com/questions/60051209/

24 4 0
Copyright 2021 - 2024 cfsdn All Rights Reserved 蜀ICP备2022000587号
广告合作:1813099741@qq.com 6ren.com