c# - 如何将数据(数组)添加到 Identityserver 4 生成的 jwt token

Question

任何人都可以帮助我按照以下格式将array 添加到 identityserver4 的 jwt token 中。

如果数组不包含数据:{ "custom_data": [] }
如果数组包含一个元素:{ "custom_data": ["one_element"]}
如果数组包含多个元素:{ "custom_data": ["first element","second element"]}

我尝试使用 IProfileService 并使用 Claims
添加数据示例代码:

foreach (string element in my_array) {
  userClaims.Add(new Claim("custom_data" , element));
}

但在那种情况下，我得到的结果如下:

if array contains no data : { } 这里我没有得到任何数据
如果数组包含一个元素:{ "custom_data": "one_element"} 这里我将它作为一个字符串
如果数组包含多个元素:{ "custom_data": ["first element","second element"]} 这里我的方法是正确的

Answer 1

我会查看 this发布 AB 遵循 OAuth 2.0 for Browser-Based Apps 的建议文档:

To avoid the risks inherent in handling OAuth access tokens from apurely browser-based application, implementations may wish to move theauthorization code exchange and handling of access and refresh tokensinto a backend component.

The backend component essentially becomes a new authorization serverfor the code running in the browser, issuing its own tokens (e.g. asession cookie). Security of the connection between code running inthe browser and this backend component is assumed to utilizebrowser-level protection mechanisms.

In this scenario, the backend component may be a confidential clientwhich is issued its own client secret.