Reputation: 3819
Custom Claims are not being accessed in client with identityserver 4 .Net core 2.0
I have following in my client startup.cs.
services.AddAuthentication(options =>
{
options.DefaultScheme = CookieAuthenticationDefaults.AuthenticationScheme;
options.DefaultChallengeScheme = OpenIdConnectDefaults.AuthenticationScheme;
})
.AddCookie()
.AddOpenIdConnect(options =>
{
options.SignInScheme = CookieAuthenticationDefaults.AuthenticationScheme; // cookie middle setup above
options.Authority = AuthSetting["Authority"]; // Auth Server
options.RequireHttpsMetadata = false; // only for development
options.ClientId = AuthSetting["ClientId"]; // client setup in Auth Server
options.ClientSecret = AuthSetting["ClientSecret"];
options.ResponseType = "code id_token"; // means Hybrid flow (id + access token)
options.GetClaimsFromUserInfoEndpoint = true;
options.SaveTokens = true;
//options.ClaimActions.MapJsonKey(ClaimTypes.Email, "email", ClaimValueTypes.Email);
//options.ClaimActions.Clear(); //https://stackoverflow.com/a/47896180/9263418
//options.ClaimActions.MapUniqueJsonKey("Aes", "Aes");
//options.ClaimActions.MapUniqueJsonKey("foo", "foo");
//options.ClaimActions.MapJsonKey("Aes", "Aes"); //https://github.com/aspnet-contrib/AspNet.Security.OAuth.Providers/issues/210
});
Following is my Identityserver's startup.cs
services.AddIdentityServer(options =>
{
options.Events.RaiseSuccessEvents = true;
options.Events.RaiseFailureEvents = true;
options.Events.RaiseErrorEvents = true;
options.Events.RaiseInformationEvents = true;
})
.AddInMemoryClients(Clients.Get())
.AddInMemoryIdentityResources(Resources.GetIdentityResources())
.AddInMemoryApiResources(Resources.GetApiResources())
.AddDeveloperSigningCredential()
.AddExtensionGrantValidator<Extensions.ExtensionGrantValidator>()
.AddExtensionGrantValidator<Extensions.NoSubjectExtensionGrantValidator>()
.AddJwtBearerClientAuthentication()
.AddAppAuthRedirectUriValidator()
.AddClientConfigurationValidator<DefaultClientConfigurationValidator>()
.AddProfileService<ProfileService>();
Following is my ProfileService.cs file.
public class ProfileService : IProfileService
{
public Task GetProfileDataAsync(ProfileDataRequestContext context)
{
// Processing
var claims = new List<Claim>
{
new Claim("Email", "someone2gmail.com"),
};
context.IssuedClaims.AddRange(claims);
return Task.FromResult(0);
}
public Task IsActiveAsync(IsActiveContext context)
{
// Processing
context.IsActive = true;
return Task.FromResult(0);
}
}
I am not able to access Mail claim in client application.
Checked many references.
But none of them are working for me. Any guess that what might be missing?
Using Identityserver4 with .Net core 2.
Upvotes: 6
Views: 2963
Answers (3)
Reputation: 577
The default scopes for OpenIDConnectOptions are "openid" and "profile".
You will have to additionally request the "email" scope when configuring your options.
Upvotes: 2
Reputation: 185
I found this link how to add role. U define user claims in Identity resources, which makes it smoother.
Upvotes: 1
Reputation: 3819
Never mind. I got it resolved by trying following option in client configuration of server. Will read it entirely. But for now it works as it seems to be including claims in token.
AlwaysIncludeUserClaimsInIdToken = true
Upvotes: 11
Related Questions
- claims not found on client side
- ASP.NET Core custom claims are lost
- How to access custom claim in aspnet core application authorized using Identity Server
- How to get custom claims for IdentityServer4 Itself
- Set custom claims for ClaimsIdentity using IdentityServer4 authentication
- IdentityServer4 can not read all claims
- Adding custom claim not working in asp.net core identity
- How to properly use claims with IdentityServer4?
- Identity Server 4 Claims empty on API
- IdentityServer4 custom AuthenticationHandler can't find all claims for a user