Saeid Mirzaei

Reputation: 1236

IdentityServer4 cannot read all claims

I use IdentityServer4 in ASP.NET Core 2.2.

My GetProfileDataAsync method is:

    public async Task GetProfileDataAsync(ProfileDataRequestContext context)
    {
        // Look up the user behind the "sub" claim and rebuild its ClaimsPrincipal
        var sub = context.Subject.GetSubjectId();
        var user = await _userManager.FindByIdAsync(sub);
        var principal = await _claimsFactory.CreateAsync(user);

        var claims = principal.Claims.ToList();

        // Custom claim the client is expected to receive
        claims.Add(new Claim(ClaimTypes.NameIdentifier, "fullname"));

        context.IssuedClaims = claims;
    }

And I added the client as follows:

    new Client
    {
        ClientId = "client",
        ClientName = "Application",
        AllowedGrantTypes = GrantTypes.Hybrid,
        ClientSecrets =
        {
            new Secret("secret".Sha256())
        },
        RedirectUris           = { "http://localhost:45876/signin-oidc" },
        PostLogoutRedirectUris = { "http://localhost:45876/signout-callback-oidc" },
        // A CORS origin is scheme://host[:port] with no trailing slash,
        // otherwise it never matches the Origin header sent by the browser
        AllowedCorsOrigins = new[] { "http://localhost:45876" },
        AllowedScopes =
        {
            IdentityServerConstants.StandardScopes.OpenId,
            IdentityServerConstants.StandardScopes.Profile,
            "webapi"
        },
        AllowOfflineAccess = true
    },

When I read the claims in the client I get some of the claims, not all of them. NameIdentifier is null?

    // null-conditional access, so a missing claim yields null instead of throwing
    var nameId = httpContextAccessor.HttpContext.User.FindFirst(ClaimTypes.NameIdentifier)?.Value;

What is my problem? What should I do?

Upvotes: 0

Views: 2123

Answers (2)

Nan Yu

Reputation: 27528

The profile service helps you add a user's claims dynamically. Those claims can be added to an identity token, an access token, or the userinfo endpoint. The constant class IdentityServerConstants.ProfileDataCallers contains the different constant values. You can trace the logic by filtering on context.Caller.

Out of concern for the length of the ID token, by default the claims are not included in the ID token. You can use one of the solutions below to add custom claims to the client app's user claims principal:

  1. In the client app, you can set options.GetClaimsFromUserInfoEndpoint = true in the OpenID Connect options, so that the client app will send a request to the OIDC userinfo endpoint to get the extra claims; then you can use ClaimActions.MapJsonKey to map the claim to the user claims/cookie:

    options.GetClaimsFromUserInfoEndpoint = true;
    options.ClaimActions.MapJsonKey(ClaimTypes.NameIdentifier, ClaimTypes.NameIdentifier);
    
  2. Another solution is to set AlwaysIncludeUserClaimsInIdToken to true when registering the client in IdentityServer, so that custom claims are added to the ID token and the client app directly maps claims from the ID token to the user claims principal:

    AlwaysIncludeUserClaimsInIdToken = true
    

Upvotes: 3
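The client-side setup that the first option above describes (GetClaimsFromUserInfoEndpoint plus explicit ClaimActions), as an added example that is not code from the question or from either answer: it assumes an ASP.NET Core 2.2 client using the Microsoft.AspNetCore.Authentication.OpenIdConnect package, an IdentityServer at a placeholder URL, and a profile service that issues a custom claim of type "fullname".

```csharp
// Added example (not from the question or answers): client Startup.ConfigureServices
// for the hybrid "client" registered above. Assumes the profile service issues a
// claim of type "fullname" and that IdentityServer runs at the placeholder URL below.
using Microsoft.AspNetCore.Authentication;            // ClaimActions map extensions
using Microsoft.AspNetCore.Authentication.Cookies;
using Microsoft.AspNetCore.Authentication.OpenIdConnect;
using Microsoft.Extensions.DependencyInjection;
using Microsoft.IdentityModel.Protocols.OpenIdConnect;

public class Startup
{
    public void ConfigureServices(IServiceCollection services)
    {
        services.AddAuthentication(options =>
        {
            options.DefaultScheme = CookieAuthenticationDefaults.AuthenticationScheme;
            options.DefaultChallengeScheme = OpenIdConnectDefaults.AuthenticationScheme;
        })
        .AddCookie()
        .AddOpenIdConnect(options =>
        {
            options.Authority = "https://localhost:5001";   // placeholder IdentityServer URL
            options.ClientId = "client";
            options.ClientSecret = "secret";                // matches the Secret("secret") above
            options.ResponseType = OpenIdConnectResponseType.CodeIdToken; // hybrid flow
            options.SaveTokens = true;

            options.Scope.Add("openid");
            options.Scope.Add("profile");
            options.Scope.Add("webapi");
            options.Scope.Add("offline_access");           // allowed by AllowOfflineAccess

            // The ID token carries only the standard claims by default; profile-service
            // claims are fetched from the userinfo endpoint after the token response.
            options.GetClaimsFromUserInfoEndpoint = true;

            // Map only the keys this app needs. MapAll() would copy every JSON key into
            // the auth cookie, including whatever a later profile-service change adds,
            // so an explicit allow-list keeps the cookie small and predictable.
            options.ClaimActions.MapUniqueJsonKey("fullname", "fullname");
        });

        services.AddMvc();
    }
}
```

After sign-in, HttpContext.User.FindFirst("fullname")?.Value returns the profile-service value, and any key that is not mapped stays out of the cookie.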

alireza.salemian

Reputation: 576

You must specify the claims used to select values from the JSON user data and create Claims. This is done in OpenIdConnectOptions:

using Microsoft.AspNetCore.Authentication; // namespace of the ClaimActions.MapAll() extension

services
.AddAuthentication()
.AddOpenIdConnect(options => {
    // Map every key of the returned user JSON to a claim of the same name
    options.ClaimActions.MapAll();
});

Upvotes: 4
