Linda Lawton - DaImTo

Reputation: 116948

Incorrect claim Type

I am currently working on an API. The tokens are returned from an IdentityServer4.

I am trying to get back the sub id which is the id of the currently authorized user from the token claim. I can see it in the Claim here.

    {
      "nbf": 1512632838,
      "exp": 1512636438,
      "iss": "http://localhost:5000",
      "aud": [
        "http://localhost:5000/resources",
        "testapi"
      ],
      "client_id": "ServiceAccountAccess",
      "sub": "21248582",
      "auth_time": 1512632823,
      "idp": "local",
      "name": "TestUser",
      "resource_id": "21260601",
      "xena_fiscal_id": "21875",
      "fiscal_name": "My company",
      "picture_url": "/Content/images/avatar-company-xena.jpg",
      "application_id": "16140911",
      "scope": [
        "openid",
        "profile",
        "testapi"
      ],
      "amr": [
        "password"
      ]
    }

My API call is quite simple

    [Authorize]
    public async Task<ActionResult> ChangeFiscal([FromBody] long fiscalId)
    {
        // Reads the subject id through the long claim type that "sub" shows up as.
        var name = User.Claims.Where(c => c.Type == "http://schemas.xmlsoap.org/ws/2005/05/identity/claims/nameidentifier")
            .Select(c => c.Value).SingleOrDefault();

        return Ok();
    }

What I can't understand is why sub or subject is being turned into

"http://schemas.xmlsoap.org/ws/2005/05/identity/claims/nameidentifier"

I can see from the API that it's done it to quite a few of the claims

    {
      "nbf": 1512653706,
      "exp": 1512657306,
      "iss": "http://localhost:5000",
      "aud": [
        "http://localhost:5000/resources",
        "testapi"
      ],
      "client_id": "ServiceAccountAccess",
      "http://schemas.xmlsoap.org/ws/2005/05/identity/claims/nameidentifier": "21248582",
      "auth_time": 1512652100,
      "http://schemas.microsoft.com/identity/claims/identityprovider": "local",
      "name": "TestUser",
      "supporter": "21248582",
      "http://schemas.microsoft.com/claims/authnmethodsreferences": "password",
      "resource_id": "21527443",
      "xena_fiscal_id": "21876",
      "fiscal_name": "this",
      "picture_url": "/Content/images/avatar-company-xena.jpg",
      "scope": [
        "openid",
        "profile",
        "testapi"
      ]
    }

Upvotes: 4

Views: 648

Answers (1)

Linda Lawton - DaImTo

Reputation: 116948

It's taken an hour to figure out that the Microsoft JWT handler turns these standard claims into Microsoft proprietary ones.

By adding the following line to the startup Configure method I was able to turn off this annoying "feature"

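    // Static map in System.IdentityModel.Tokens.Jwt 5.x and later (4.x named it InboundClaimTypeMap).
    JwtSecurityTokenHandler.DefaultInboundClaimTypeMap.Clear();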

Upvotes: 5
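An added example, not part of the question or the answer above: a subject lookup for the API that works whether or not the handler has renamed `sub`, and throws instead of returning null when the subject is missing or ambiguous. `SubjectClaim`, `GetSubjectId` and the sample principals are hypothetical names and constructed data.

```csharp
using System;
using System.Linq;
using System.Security.Claims;

public static class SubjectClaim
{
    // The short JWT name, plus the long URI that "sub" is renamed to by default.
    private static readonly string[] SubjectTypes = { "sub", ClaimTypes.NameIdentifier };

    // Returns the subject id, or throws so that the caller fails closed.
    public static string GetSubjectId(ClaimsPrincipal user)
    {
        var values = user.Claims
            .Where(c => SubjectTypes.Contains(c.Type))
            .Select(c => c.Value)
            .Distinct()
            .ToList();

        // Zero values means no identity; two different values means an ambiguous one.
        if (values.Count != 1)
            throw new InvalidOperationException(
                $"Expected exactly one subject value, found {values.Count}.");
        return values[0];
    }

    // Constructed principals standing in for what the API sees after token validation.
    private static ClaimsPrincipal Principal(params Claim[] claims) =>
        new ClaimsPrincipal(new ClaimsIdentity(claims, "Bearer"));

    public static void Main()
    {
        var mapped = Principal(new Claim(ClaimTypes.NameIdentifier, "21248582"));
        var unmapped = Principal(new Claim("sub", "21248582"));
        var missing = Principal(new Claim("name", "TestUser"));

        Console.WriteLine(GetSubjectId(mapped));
        Console.WriteLine(GetSubjectId(unmapped));

        // A lookup by "sub" alone silently yields null while the mapping is on.
        Console.WriteLine(mapped.FindFirst("sub")?.Value ?? "(null)");

        try { GetSubjectId(missing); }
        catch (InvalidOperationException ex) { Console.WriteLine(ex.Message); }
    }
}
```

Inside a controller action the call would be `SubjectClaim.GetSubjectId(User)`.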
