RNDThoughts

Reputation: 1024

MembershipReboot with IdentityServer v3

I am having trouble extracting UserAccount properties from MembershipReboot in conjunction with Thinktecture IdentityServer. I have both up and running using the Sample repo here: https://github.com/identityserver/IdentityServer3.MembershipReboot

When I request the "openid profile" scope in an Implicit Grant Flow, I am missing a lot of the user account fields, such as "given_name", "middle_name", etc., from the id_token and from the response of the userinfo endpoint. I understand this is because they need to be assigned in the GetClaimsFromAccount function.

I can see the requestedClaims come into the GetProfileDataAsync() function in the MembershipRebootUserService class, and if I hover over the instance of TAccount in GetClaimsFromAccount I can see the Firstname, Lastname, etc. properties appearing in the CustomUser dynamic proxy, but I can't for the life of me work out how to access them and copy them into the claims collection.

More Info:

I suspect the issue is with this line:

 claims.AddRange(userAccountService.MapClaims(account));

It looks like this should be converting the user account properties into claims, but I don't get any back.

Upvotes: 0

Views: 1324

Answers (1)

Matt

Reputation: 5651

The way I understand it works is you add an option to your Scope object to return all of the claims for a user. IncludeAllClaimsForUser is the key property.

e.g.

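new Scope
{
  Enabled = true,
  Name = "roles",
  Type = ScopeType.Identity,
  // Include every claim the user service returns for the user,
  // not only the claim types listed under Claims.
  IncludeAllClaimsForUser = true,
  Claims = new List<ScopeClaim>
  {
    new ScopeClaim("role")
  }
}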

My request includes the role property as well. This pulled back all the claims for the user from MR for me. My example is with Implicit flow btw.

Upvotes: 2
