
我正在使用受 OAuth Bearer 令牌保护的 Web API。在为用户颁发令牌时,我希望在响应中一并返回一些额外的用户信息,所以我按照 this thread(OAuth Bearer 令牌附带额外的用户信息)中的做法尝试如下:

CustomOAuthProvider.cs:

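/// <summary>
/// Handles the OAuth2 resource-owner password grant: checks the submitted user name and
/// password, builds the claims identity the access token is generated from, and attaches
/// the "username"/"roles" properties (see CreateProperties) to the ticket.
/// </summary>
/// <param name="context">Katana grant context carrying the submitted UserName/Password.</param>
public override async Task GrantResourceOwnerCredentials(OAuthGrantResourceOwnerCredentialsContext context) 
{ 
    // Other stuff, cut off for brevity 

    var user = await userManager.FindAsync(context.UserName, context.Password); 

    // FindAsync returns null when the credentials do not match. Without this guard the
    // call below dereferences null and the token endpoint answers with a 500 instead of
    // the OAuth2 "invalid_grant" error the client expects. The message is deliberately
    // the same for an unknown user and a wrong password so the endpoint does not reveal
    // which accounts exist.
    if (user == null) 
    { 
        context.SetError("invalid_grant", "The user name or password is incorrect."); 
        return; 
    } 

    // "JWT" is the authentication type recorded on the identity; the token itself is
    // produced by the AccessTokenFormat configured on the authorization server.
    ClaimsIdentity oAuthIdentity = await user.GenerateUserIdentityAsync(userManager, "JWT"); 
    oAuthIdentity.AddClaims(ExtendedClaimsProvider.GetClaims(user)); 
    oAuthIdentity.AddClaims(RolesFromClaims.CreateRolesBasedOnClaims(oAuthIdentity)); 

    // The properties bag is ticket metadata, not part of the signed token (see CreateProperties).
    var ticket = new AuthenticationTicket(oAuthIdentity, this.CreateProperties(user.UserName, oAuthIdentity)); 

    context.Validated(ticket); 
} 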

/// <summary>
/// Builds the AuthenticationProperties attached to the ticket: the user name and a
/// JSON-encoded array of the identity's role claim values.
/// These entries are plain key/value metadata on the ticket, not claims inside the signed
/// access token; anything copied from here into the token response is unauthenticated and
/// is for the client's convenience only, never for authorization decisions.
/// </summary>
/// <param name="userName">User name stored under the "username" key.</param>
/// <param name="oAuthIdentity">Identity whose ClaimTypes.Role claims are serialized under "roles".</param>
/// <returns>Properties holding the "username" and "roles" entries.</returns>
private AuthenticationProperties CreateProperties(string userName, ClaimsIdentity oAuthIdentity) 
{ 
    var roleNames = oAuthIdentity.Claims 
        .Where(claim => claim.Type == ClaimTypes.Role) 
        .Select(claim => claim.Value) 
        .ToArray(); 

    var properties = new Dictionary<string, string>(); 
    properties.Add("username", userName); 
    properties.Add("roles", JsonConvert.SerializeObject(roleNames)); 

    return new AuthenticationProperties(properties); 
} 

但返回的对象总是如下:

{ 
    access_token: "theTokenHash" 
    expires_in: 86399 
    token_type: "bearer" 
} 

这是我Startup.cs:

/// <summary>
/// OWIN startup: registers CORS, OAuth token issuance and consumption, and Web API.
/// OWIN middleware runs in the order it is registered here, so the authentication
/// middleware added by the two ConfigureOAuth* calls sits in front of Web API.
/// </summary>
/// <param name="app">OWIN application builder supplied by the host.</param>
public void Configuration(IAppBuilder app) 
{ 
    // AutoMapper 
    AutoMapperConfig.RegisterMappings(); 

    var httpConfig = new HttpConfiguration(); 

    // NOTE(review): AllowAll reflects every Origin back in Access-Control-Allow-Origin
    // (and, as far as I recall, allows credentials). Fine for local development; for
    // production replace it with an explicit list of trusted origins.
    app.UseCors(Microsoft.Owin.Cors.CorsOptions.AllowAll); 

    // Token endpoint + JWT issuance, then token validation, then the Web API pipeline.
    ConfigureOAuthTokenGeneration(app); 
    ConfigureOAuthTokenConsumption(app); 
    ConfigureWebApi(httpConfig); 

    WebApiConfig.Register(httpConfig); 
    AutofacConfig.Register(httpConfig); 

    app.UseWebApi(httpConfig); 

    httpConfig.EnsureInitialized(); 
} 

/// <summary>
/// Registers the per-request Identity services and the OAuth2 authorization server that
/// issues access tokens at /oauth/token, followed by the bearer-token middleware.
/// </summary>
/// <param name="app">OWIN application builder to add the middleware to.</param>
private void ConfigureOAuthTokenGeneration(IAppBuilder app) 
{ 
    // One DbContext / UserManager / RoleManager instance per OWIN request.
    app.CreatePerOwinContext(ApplicationDbContext.Create); 
    app.CreatePerOwinContext<ApplicationUserManager>(ApplicationUserManager.Create); 
    app.CreatePerOwinContext<ApplicationRoleManager>(ApplicationRoleManager.Create); 

    var serverOptions = new OAuthAuthorizationServerOptions(); 

    // SECURITY: the token endpoint receives user names and passwords in the request body
    // and hands out bearer tokens, so it must only be served over TLS. Leaving this true
    // in a production build lets the authorization server accept plain HTTP; set it to
    // false before deploying, or drive it from configuration so it cannot be forgotten.
    serverOptions.AllowInsecureHttp = true; 
    serverOptions.TokenEndpointPath = new PathString("/oauth/token"); 

    // 24-hour access tokens with no refresh-token provider set here: a leaked token stays
    // usable for up to a day. Shorten this if the API handles sensitive data.
    serverOptions.AccessTokenExpireTimeSpan = TimeSpan.FromDays(1); 
    serverOptions.Provider = new CustomOAuthProvider(); 

    // Presumably the token issuer: a hard-coded dev URL. It must match whatever the
    // consuming side validates (see ConfigureOAuthTokenConsumption) and should come
    // from per-environment configuration rather than source.
    serverOptions.AccessTokenFormat = new CustomJwtFormat("http://localhost:59822"); 

    // OAuth 2.0 Bearer Access Token Generation 
    app.UseOAuthAuthorizationServer(serverOptions); 
    app.UseOAuthBearerAuthentication(new OAuthBearerAuthenticationOptions()); 
} 

我在这里做错了什么?

回答


好吧,没事了——链接的回答中其实给出了完整的例子。仅向 AuthenticationProperties 添加额外字段是不够的,还必须重写 TokenEndpoint 方法,自行把这些参数加入 context.AdditionalResponseParameters。注意:这些附加参数只是与令牌一起以明文返回的字段,不像 JWT 内的声明那样受签名保护,客户端不应据此做授权判断:

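/// <summary>
/// Copies the "username" and "roles" entries that CreateProperties stored on the ticket
/// into the token response, so they appear next to access_token/expires_in/token_type.
/// </summary>
/// <param name="context">Katana token-endpoint context for the response being written.</param>
/// <returns>A completed task; the method does no asynchronous work.</returns>
public override Task TokenEndpoint(OAuthTokenEndpointContext context) 
{ 
    // Only the keys this provider deliberately placed on the ticket are exposed. Echoing
    // the whole Properties bag (as the original loop did) also leaks whatever else lives
    // there, including Katana's own dot-prefixed ticket metadata such as ".issued" and
    // ".expires" and anything another component stores on the ticket.
    string[] exposedKeys = { "username", "roles" }; 

    // SECURITY: AdditionalResponseParameters are sent as plain JSON next to the token and
    // are not covered by the JWT signature. Clients may use them for display, but any
    // authorization decision must rely on the claims inside the signed access token.
    foreach (string key in exposedKeys) 
    { 
        string value; 
        if (context.Properties.Dictionary.TryGetValue(key, out value)) 
        { 
            // Indexer rather than Add so a key that is somehow already present cannot throw.
            context.AdditionalResponseParameters[key] = value; 
        } 
    } 

    return Task.FromResult<object>(null); 
} 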