I'm using the IdentityServer4 "AspNetCoreAndApis" sample application found here
(我正在使用此处找到的IdentityServer4“ AspNetCoreAndApis”示例应用程序)
It has a token server and an MVC client application.
(它具有令牌服务器和MVC客户端应用程序。)
The identity server project has an external OIDC authentication provider set up using their demo server - https://demo.identityserver.io/
(身份服务器项目外部OIDC认证供应商建立使用他们的演示服务器- https://demo.identityserver.io/)
After hitting a protected endpoint in MvcClient , being redirected to the local identity server, choosing and authenticating with the demo server, it reaches the ExternalController callback of the local identity server.
(在MvcClient命中受保护的终结点MvcClient ,将其重定向到本地身份服务器,选择演示服务器并进行身份验证,它到达本地身份服务器的ExternalController回调。)
At this point I would like to issue additional claims to the user, and have them be available in MvcClient . (在这一点上,我想向用户发出其他声明,并使它们在MvcClient可用。)
There's code in the callback to add additionalLocalClaims and issue a cookie.
(回调中包含添加additionalLocalClaims LocalClaims并发出Cookie的代码。)
I tried adding another claim: (我尝试添加另一个声明:)
var additionalLocalClaims = new List<Claim>();
additionalLocalClaims.Add(new Claim("TestKey", "TestValue"));
await HttpContext.SignInAsync(user.SubjectId, user.Username, provider, localSignInProps, additionalLocalClaims.ToArray());
But by the time the user arrives in the HomeController of MvcClient this claim is not there.
(但是,当用户到达MvcClient的HomeController ,该声明就不存在了。)
I think I don't properly understand which authentication scheme is being used where, and the function of the relevant cookies.
(我想我不太了解在哪里使用哪种身份验证方案以及相关cookie的功能。)
EDIT:
(编辑:)
In response to the first comment below, I tried attaching a claim to a requested scope, but still no luck - this is the in memory resource store:
(为了响应下面的第一条评论,我尝试将声明附加到请求的范围,但是仍然没有运气-这是内存资源存储区:)
public static IEnumerable<ApiResource> Apis
{
get
{
var apiResource = new ApiResource("api1", "My API");
apiResource.UserClaims.Add("TestKey");
var resources = new List<ApiResource>
{
apiResource
};
return resources;
}
}
The MvcClient is both allowed the api1 scope, and requests it.
(MvcClient既可以使用api1范围,也可以请求它。)
ask by user888734 translate from so 
