实现效果：通过生成的access_token获取用户的一些信息，这样客户端请求的时候，不需要传递用户信息了。

示例配置：

public void ConfigureServices(IServiceCollection services)

{

    services.AddIdentityServer()

        .AddTemporarySigningCredential()

        .AddInMemoryIdentityResources(new List<IdentityResource>

        {

            new IdentityResources.OpenId(), //必须要添加，否则报无效的scope错误

            new IdentityResources.Profile(),

        })

        .AddInMemoryApiResources(new List<ApiResource>

        {

            new ApiResource("api1", "My API")

        })

        .AddInMemoryClients(new List<Client>

        {

            new Client

            {

                ClientId = "client",

                AllowedGrantTypes = GrantTypes.ResourceOwnerPassword,

                ClientSecrets =

                {

                    new Secret("secret".Sha256())

                },

                AllowedScopes =

                {

                  "api1",

                  IdentityServerConstants.StandardScopes.OpenId, //必须要添加，否则报forbidden错误

                  IdentityServerConstants.StandardScopes.Profile

                }

            }

        });

}

Http 调用示例：

GET /connect/userinfo

Authorization: Bearer <access_token>

HTTP/1.1 200 OK

Content-Type: application/json

{

    "sub": "248289761001",

    "name": "Bob Smith",

    "given_name": "Bob",

    "family_name": "Smith",

    "role": [

        "user",

        "admin"

    ]

}

UserInfoClient调用示例：

var token = "";

var client = new DiscoveryClient(_appSettings.IssuerUri);

client.Policy.RequireHttps = false;

var disco = await client.GetAsync();

var userInfoClient = new UserInfoClient(doc.UserInfoEndpoint);

var response = await userInfoClient.GetAsync(token);

var claims = response.Claims;

参考资料：

• UserInfo Endpoint
• Resource owner flow - UserInfo Endpoint
• Accessing /connect/userinfo endpoint
• UserInfo Endpoint Forbidden - no openid scope?