CanRobbo

Reputation: 33

How to update id_token after user has updated his profile

I have set up IdentityServer 4 with an ASP.NET MVC web site using it for authentication (implicit grant type). I need to have the claims on the token updated when the user modifies the profile of the account, but they are not.

Everything is working great in the happy path: the client authenticates, then redirects back to the website, and the claims come through - all good.

My web site has a link that sends the user back to the IdentityServer in order to update the profile (name, email, phone, etc.), but once this is completed and the user is sent back to the web site, the claims are not being updated with the new information.

I can see that my user claims factory is being called from the profile service and that the new profile information is being set in the claims; however, my website doesn't seem to pick up the new information. What might I be missing? Is this even the correct approach?

Upvotes: 1

Views: 564

Answers (1)

rawel

Reputation: 3033

After the user has logged in, claim information is saved in a cookie. It will not be updated until the user logs out and logs in again. You may need to sign the user out forcefully so that he must log in again after a profile update.

But if the user does frequent profile updates, you may need to rethink having profile data in the id-token and then in claims. There is a user info endpoint in IdentityServer that you can query to retrieve profile data when needed: http://docs.identityserver.io/en/latest/endpoints/userinfo.html

Upvotes: 4
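
The UserInfo approach from the answer above, sketched as an added example (not code from the original posts or from IdentityServer itself): after the profile update, the client re-reads the profile claims from the UserInfo endpoint, checks that the returned `sub` matches the signed-in user, and re-issues its cookie. Assumptions: ASP.NET Core MVC with a cookie scheme named "Cookies", `SaveTokens = true`, response type `id_token token` so an access token is available, inbound claim-type mapping disabled so `sub` and `name` keep their names, and a placeholder authority URL; the `ClaimsRefresher` class is hypothetical.

```csharp
// Added example: assumes ASP.NET Core MVC, cookie scheme "Cookies",
// SaveTokens = true, response type "id_token token", and default JWT
// claim-type mapping cleared so "sub"/"name" are stored under those names.
using System.Linq;
using System.Net.Http;
using System.Net.Http.Headers;
using System.Security.Claims;
using System.Text.Json;
using System.Threading.Tasks;
using Microsoft.AspNetCore.Authentication;
using Microsoft.AspNetCore.Http;

public static class ClaimsRefresher
{
    // Placeholder authority; /connect/userinfo is IdentityServer4's UserInfo path.
    private const string UserInfoUrl = "https://identity.example.com/connect/userinfo";
    private static readonly string[] ProfileClaims = { "name", "email", "phone_number" };

    public static async Task<bool> RefreshAsync(HttpContext ctx, HttpClient http)
    {
        var auth = await ctx.AuthenticateAsync("Cookies");
        var token = auth.Properties?.GetTokenValue("access_token");
        if (!auth.Succeeded || string.IsNullOrEmpty(token)) return false;

        using var req = new HttpRequestMessage(HttpMethod.Get, UserInfoUrl);
        req.Headers.Authorization = new AuthenticationHeaderValue("Bearer", token);
        using var res = await http.SendAsync(req);
        if (!res.IsSuccessStatusCode) return false; // e.g. expired token: fall back to re-login

        using var doc = JsonDocument.Parse(await res.Content.ReadAsStringAsync());
        var root = doc.RootElement;

        // OIDC requires the UserInfo "sub" to match the "sub" from the ID token.
        var identity = (ClaimsIdentity)auth.Principal.Identity;
        var sub = identity.FindFirst("sub")?.Value;
        if (sub == null || !root.TryGetProperty("sub", out var s) || s.GetString() != sub) return false;

        foreach (var type in ProfileClaims)
        {
            foreach (var old in identity.FindAll(type).ToList()) identity.RemoveClaim(old);
            if (root.TryGetProperty(type, out var v) && v.ValueKind == JsonValueKind.String)
                identity.AddClaim(new Claim(type, v.GetString()));
        }

        // Re-issue the cookie so later requests see the updated claims.
        await ctx.SignInAsync("Cookies", auth.Principal, auth.Properties);
        return true;
    }
}
```

When `RefreshAsync` returns false, the forced sign-out and re-login described in the answer remains the fallback.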
