CODEWITHSUNDEEP
api.net-coreauthorizationidentityserver4authorize-attribute
ToughStacker
ToughStacker

Reputation: 1

How to get the claims within a JwtBearer-protected API method :)

We currently have IdentityServer configured with JWT. We have about 8 API's each with 2-8 endpoints. Each of these endpoints uses the AuthorizeAttribute to verify if the user can use the endpoint etc..

This all works well but now we wish to implement multi-tenancy. Is there a way to use a token after an API has authorized?

Below is the basic flow

  1. User click button on front end to initiate an API call
  2. API endpoint verifies the access token with the identity server
  3. User is allowed access if verified

It is after this stage that we wish to use the token again to query identity server for details on the user to allow us implement multi-tenancy

Have done numerous google searches etc.

The API code is as follows. Each API endpoint has the Authorize tag, which autorizes against the identity server to make sure the user can call the endpoint. Once the user is authorized, I need to pull data from the token to get the tenant

[HttpGet]
    [Route("api/resultset/{userID}")]
    [Authorize]
    public IActionResult Get(int userID){
       //access token here to get details for multi-tenant
}

Upvotes: 0

Views: 383

Answers (1)

d_f
d_f

Reputation: 4859

After your call to API been successfully authorized, the claims from the token are under HttpContext:

[HttpGet]
[Route("api/resultset/{userID}")]
[Authorize]
public IActionResult Get(int userID){
    //access token here to get details for multi-tenant
    var claims = HttpContext.User.Claims;
}

Upvotes: 0

Related Questions