Reputation: 9
1-) I am trying to add a few claims to the access token. While debugging I observed that it has been added to AuthenticationResult- Claims, but I do not see it in the JWT access token. Please find the image below for reference. I have added one claim named "mem" with value 123.
I have added this as below in the AuthenticationLocalAsync method.
    // AuthenticateResult expects IEnumerable<Claim>, so the generic type argument is required.
    IEnumerable<Claim> claim = new Claim[] { new Claim("mem", "123") };
    context.AuthenticateResult =
        new AuthenticateResult(context.UserName, context.UserName, claim);
debugging, It includes the custom claim
2-) The 2nd issue is that the GetProfileDataAsync method is not getting executed when I am using Postman as the client. As the API server is being developed for a mobile client, I am using the Postman client. In login itself I want to get the claim which I have mentioned in the 1st point. Please help, I have already spent a lot of time trying to figure out these two points.
Thanks
Upvotes: 1
Views: 2848
Reputation: 629
https://identityserver.github.io/Documentation/docsv2/configuration/scopesAndClaims.html
    var scope = new Scope
    {
        Name = "memScope",
        DisplayName = "Scope for mem claim",
        Type = ScopeType.Resource,
        Claims = new List<ScopeClaim>
        {
            new ScopeClaim("mem")
        }
    };
https://identityserver.github.io/Documentation/docsv2/configuration/clients.html
Upvotes: 2
Reputation: 46
First off, I'd like to mention I am not an Identity Server expert (yet). But I'll do my best.
I personally wouldn't be assigning claims in the AuthenticateLocalAsync method. This logic should be moved to the claims provider.
However, if you insisted on adding the claims in the authentication step, your issue still most likely lies within the ClaimsProvider. The claims included in the token are handled directly by the ClaimsProvider. So it could be that GetAccessTokenClaimsAsync() may not even be including claims added to the principal, or there is some kind of logic that is explicitly preventing your custom claim from being returned.
That is my best guess.
Upvotes: 0
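The two answers above combined, as an added example that is not code from any of the posts: a user service that leaves authentication to AuthenticateLocalAsync and issues "mem" from GetProfileDataAsync only when a requested scope asks for it. It assumes the IdentityServer3 API described at the documentation links above; MemUserService, MemConfig, PasswordIsValid, LoadClaims and the sample user are hypothetical names and constructed values.

```csharp
// Added example for IdentityServer3; not code from the posts above.
using System.Collections.Generic;
using System.Linq;
using System.Security.Claims;
using System.Threading.Tasks;
using IdentityServer3.Core.Extensions;
using IdentityServer3.Core.Models;
using IdentityServer3.Core.Services.Default;

public class MemUserService : UserServiceBase   // hypothetical class name
{
    public override Task AuthenticateLocalAsync(LocalAuthenticationContext context)
    {
        // Authenticate only; leaving AuthenticateResult null rejects the login.
        if (PasswordIsValid(context.UserName, context.Password))
            context.AuthenticateResult =
                new AuthenticateResult(context.UserName, context.UserName);
        return Task.FromResult(0);
    }

    public override Task GetProfileDataAsync(ProfileDataRequestContext context)
    {
        // Emit only the claim types the requested scopes ask for, so "mem"
        // is not handed to a client that was never granted memScope.
        var all = LoadClaims(context.Subject.GetSubjectId());
        var wanted = context.RequestedClaimTypes ?? Enumerable.Empty<string>();
        context.IssuedClaims = context.AllClaimsRequested
            ? all
            : all.Where(c => wanted.Contains(c.Type)).ToList();
        return Task.FromResult(0);
    }

    // Constructed stand-ins for a real credential check and user store.
    static bool PasswordIsValid(string user, string password) =>
        user == "alice" && password == "constructed-password";
    static List<Claim> LoadClaims(string subjectId) =>
        new List<Claim> { new Claim("mem", "123") };
}

public static class MemConfig   // hypothetical holder for the scope
{
    public static readonly Scope MemScope = new Scope
    {
        Name = "memScope",
        Type = ScopeType.Resource,
        Claims = new List<ScopeClaim> { new ScopeClaim("mem") }
    };
}
```

The token request sent from Postman also has to ask for memScope, and the client's AllowedScopes has to list it; the claim types passed to GetProfileDataAsync come from the scopes that were requested.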