SAREKA AVINASH

Reputation: 479

How to add claims to my access token generated by IdentityServer4 using the ClientCredentials grant type

I have developed a WebAPI application and secured my endpoints with the OAuth 2.0 protocol using IdentityServer4.

My ApiResource looks like:

    new ApiResource
    {
        Name = "BankOfDotNetApi",
        Scopes =
        {
            new Scope("BankOfDotNetApi", "API name for Customer", new List<string>{ "Claim1"}),
            new Scope("BankOfDotNetApi.Read"),
            new Scope("BankOfDotNetApi.Write"),
            new Scope("offline_access"),
        },
        UserClaims =
        {
            JwtClaimTypes.Name,
            JwtClaimTypes.Email
        },
    }

My Client looks like:

    new Client
    {
        ClientId = "client",
        AllowedGrantTypes = GrantTypes.ClientCredentials,
        ClientSecrets = {new Secret("secret".Sha256())},
        AllowedScopes = { "BankOfDotNetApi", "BankOfDotNetApi.Read" },
    }

My API application's Startup.cs looks like:

    public class Startup
    {
        public Startup(IConfiguration configuration)
        {
            Configuration = configuration;
        }

        public IConfiguration Configuration { get; }

        // This method gets called by the runtime. Use this method to add services to the container.
        public void ConfigureServices(IServiceCollection services)
        {
            services.AddMvc(
                config =>
                {
                });

            services.AddControllers();
            services.AddDbContext<BankContext>(options => options.UseInMemoryDatabase("BankingDb"));

            services.AddAuthentication("Bearer")
                     .AddIdentityServerAuthentication(options =>
                     {
                         options.RequireHttpsMetadata = false;
                         options.ApiName = "BankOfDotNetApi";
                         options.Authority = "http://localhost:5000";
                     });
        }

        // This method gets called by the runtime. Use this method to configure the HTTP request pipeline.
        public void Configure(IApplicationBuilder app, IWebHostEnvironment env)
        {
            if (env.IsDevelopment())
            {
                app.UseDeveloperExceptionPage();
            }

            app.UseHttpsRedirection();

            app.UseRouting();

            app.UseAuthentication();

            app.UseAuthorization();

            app.UseEndpoints(endpoints =>
            {
                endpoints.MapControllers();
            });
        }
    }

I am not generating tokens manually (by creating an instance of JWTToken); tokens are automatically generated by IdentityServer4.

I am able to access scopes in my access token, but I am unable to access claims.
If my code is wrong, please suggest how and where to add claims to my ApiResource.
How do I access claims in my access token?

Upvotes: 0

Views: 2564

Answers (1)

Ravi

Reputation: 398

Use the ICustomTokenRequestValidator interface. After token generation, control flow comes to the ValidateAsync method.

    using System.Threading.Tasks;

    namespace IdentityServer4.Validation
    {
        //
        // Summary:
        //     Allows inserting custom validation logic into authorize and token requests
        public interface ICustomTokenRequestValidator
        {
            //
            // Summary:
            //     Custom validation logic for a token request.
            //
            // Parameters:
            //   context:
            //     The context.
            //
            // Returns:
            //     The validation result
            Task ValidateAsync(CustomTokenRequestValidationContext context);
        }
    }

Use the line below to add a custom claim to the token.

    context.Result.ValidatedRequest.ClientClaims.Add(claim);

Add the custom authorize request validator using AddCustomTokenRequestValidator in the Startup class.

Upvotes: 2
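
An added example, not part of the answer above or of IdentityServer4's own code: one way to implement the validator the answer describes and register it on the IdentityServer host. The class names, the helper method and the claim value are assumptions; the client ID and claim type are taken from the question.

```csharp
using System.Security.Claims;
using System.Threading.Tasks;
using IdentityModel;
using IdentityServer4.Validation;
using Microsoft.Extensions.DependencyInjection;

// Hypothetical class name; implements the interface quoted in the answer.
public class ClientClaimsTokenRequestValidator : ICustomTokenRequestValidator
{
    public Task ValidateAsync(CustomTokenRequestValidationContext context)
    {
        var request = context.Result.ValidatedRequest;

        // Limit the extra claim to client_credentials tokens for the
        // question's client; every other request is left unchanged.
        if (request.GrantType == OidcConstants.GrantTypes.ClientCredentials
            && request.Client.ClientId == "client")
        {
            // Constructed sample value. Take claim values from server-side
            // data about the validated client, not from request.Raw, which
            // holds parameters the caller controls.
            request.ClientClaims.Add(new Claim("Claim1", "sample-value"));
        }

        return Task.CompletedTask;
    }
}

// Hypothetical helper: call it on the builder returned by
// services.AddIdentityServer() in the IdentityServer host's Startup.
public static class ClientClaimsRegistration
{
    public static IIdentityServerBuilder AddClientClaimsValidator(
        this IIdentityServerBuilder builder)
    {
        return builder.AddCustomTokenRequestValidator<ClientClaimsTokenRequestValidator>();
    }
}
```

With the default `ClientClaimsPrefix` of `client_`, the claim appears in the access token as `client_Claim1`; set `ClientClaimsPrefix = ""` on the `Client` to emit it as `Claim1`.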
