Sabby62

Reputation: 1717

Adding Application Specific claim after Web API Authentication (Identity Server)

I am adding application-specific claims in my Web Application's OnValidateIdentity to Identity Server's access token claims. I am grabbing the application-specific claims for the logged-in user by querying the database for every API call. Should I make the application-specific claims be injected into the token in Identity Server (to reduce the DB calls)?

Upvotes: 0

Views: 343

Answers (1)

rawel

Reputation: 3033

The Identity Server token should only contain claims about the user. It should be OK to query the application-specific claims when the token is received. You can introduce a caching layer to reduce DB calls if that is a concern.

But if you have a really valid reason, these rules can be broken and application-specific claims can be added at Identity Server (e.g., settings shared by multiple apps).

Upvotes: 1
