user2173353

Reputation: 4640

Cannot get the `name` claim from IdentityServer4, when the client is written in .NET Framework

I authenticate a user to an ASP.NET (.NET Framework) site using IdentityServer4 (separate application written in .NET Core).

Everything works fine, but the name claim is never returned.

If the client was written in .NET Core, there seems to be this GetClaimsFromUserInfoEndpoint property (assembly Microsoft.AspNetCore.Authentication.OpenIdConnect, Version=3.1.3.0):

        services
            .AddAuthentication(options =>
            {
                options.DefaultScheme = CookieAuthenticationDefaults.AuthenticationScheme;
                options.DefaultChallengeScheme = OpenIdConnectDefaults.AuthenticationScheme;
            })
            .AddCookie(CookieAuthenticationDefaults.AuthenticationScheme)
            .AddOpenIdConnect(OpenIdConnectDefaults.AuthenticationScheme, options =>
            {
                options.SignInScheme = CookieAuthenticationDefaults.AuthenticationScheme;

                options.Authority = Configuration["AppSettings:IdentityServerUrl"];
                options.RequireHttpsMetadata = true;

                options.ClientId = Configuration["AppSettings:ClientId"];
                options.ClientSecret = Configuration["AppSettings:ClientSecret"];
                options.ResponseType = "code id_token";

                options.SaveTokens = true;
                options.GetClaimsFromUserInfoEndpoint = true; // <<<<<<<<<<<---
            ....

However, in .NET Framework, I have no such property. All I have is this code (extension assembly: Microsoft.Owin.Security.OpenIdConnect v3.1.0.0):

        app.SetDefaultSignInAsAuthenticationType(CookieAuthenticationDefaults.AuthenticationType);

        app.UseCookieAuthentication(new CookieAuthenticationOptions
        {
        });

        app.UseOpenIdConnectAuthentication(new OpenIdConnectAuthenticationOptions
        {
            AuthenticationType = "oidc",
            SignInAsAuthenticationType = "Cookies",
            Authority = identityServerUrl,
            RedirectUri = appUrl + "/signin-oidc",
            PostLogoutRedirectUri = appUrl + "/signout-callback-oidc",
            ClientId = "clientId",
            ClientSecret = @"secret",
            ResponseType = OpenIdConnectResponseTypes.CodeIdToken,
            Scope = "openid profile offline_access",
            UseTokenLifetime = false,
        });

I have tried various things on the client and on the identity server, but nothing seems to help.

Can someone tell me how I can get this claim inside my token?

I am getting other claims, but it seems to skip calling the user info endpoint on IdentityServer, and that's why this user claim is not there.

Upvotes: 0

Views: 940

Answers (2)

Tore Nestenius

Reputation: 19921

You can try to add this to your client, to fix the mapping between what Microsoft considers to be the name claim and what IdentityServer considers to be the name claim.

options.TokenValidationParameters = new TokenValidationParameters
{
    NameClaimType = JwtClaimTypes.Name,
    RoleClaimType = JwtClaimTypes.Role,
};

Upvotes: 1

CristiC777

Reputation: 481

You must implement the IProfileService interface for .NET

read: http://docs.identityserver.io/en/latest/reference/profileservice.html

and : https://learn.microsoft.com/en-us/previous-versions/visualstudio/visual-studio-2013/dn277201(v%3Dvs.120)

I hope that helps you ! :)

Later edit:

var oidcOptions = new OpenIdConnectAuthenticationOptions
{
    Authority = OidcAuthority,
    ClientId = OidcClientId,
    ClientSecret = OidcClientSecret,

    GetClaimsFromUserInfoEndpoint = true,

    PostLogoutRedirectUri = OidcRedirectUrl,
    RedirectUri = OidcRedirectUrl,
    ResponseType = OpenIdConnectResponseType.Code,
    Scope = OpenIdConnectScope.OpenId
};
app.UseOpenIdConnectAuthentication(oidcOptions);

Upvotes: 1
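The following is an added example that ties the two answers together for the Katana 3.x (Microsoft.Owin.Security.OpenIdConnect 3.1.0) client from the question; it is not code from the question, either answer, or the IdentityServer project. That Katana version has no `GetClaimsFromUserInfoEndpoint` switch, so the example does what the .NET Core middleware does for you: after the hybrid-flow `code id_token` response is validated, it redeems the code at the token endpoint, calls the userinfo endpoint with the resulting access token, and copies the returned claims (including `name`) onto the signed-in identity. It also applies the `NameClaimType`/`RoleClaimType` mapping from the first answer. The host names, `ClientId`/`ClientSecret` constants, the `/connect/token` and `/connect/userinfo` paths (IdentityServer4's defaults; a production client should read them from the discovery document) and the use of Newtonsoft.Json for parsing are all assumptions of this example.

```csharp
using System;
using System.Collections.Generic;
using System.IdentityModel.Tokens;        // TokenValidationParameters, JwtSecurityTokenHandler (Katana 3.x)
using System.Net.Http;
using System.Net.Http.Headers;
using System.Security.Claims;
using System.Threading.Tasks;
using Microsoft.IdentityModel.Protocols;  // OpenIdConnectResponseTypes (Katana 3.x)
using Microsoft.Owin.Security.Cookies;
using Microsoft.Owin.Security.OpenIdConnect;
using Newtonsoft.Json.Linq;               // assumption: Newtonsoft.Json is referenced
using Owin;

public partial class Startup
{
    // Assumed values; replace with your own configuration.
    private const string IdentityServerUrl = "https://identityserver.example.com";
    private const string AppUrl = "https://client.example.com";
    private const string ClientId = "clientId";
    private const string ClientSecret = "secret";

    private static readonly HttpClient Http = new HttpClient();

    public void ConfigureAuth(IAppBuilder app)
    {
        // Keep the short JWT claim names ("sub", "name", "role") instead of the long
        // SOAP-era URIs the JWT handler maps them to by default.
        JwtSecurityTokenHandler.InboundClaimTypeMap = new Dictionary<string, string>();

        app.SetDefaultSignInAsAuthenticationType(CookieAuthenticationDefaults.AuthenticationType);
        app.UseCookieAuthentication(new CookieAuthenticationOptions());

        app.UseOpenIdConnectAuthentication(new OpenIdConnectAuthenticationOptions
        {
            AuthenticationType = "oidc",
            SignInAsAuthenticationType = CookieAuthenticationDefaults.AuthenticationType,
            Authority = IdentityServerUrl,
            RedirectUri = AppUrl + "/signin-oidc",
            PostLogoutRedirectUri = AppUrl + "/signout-callback-oidc",
            ClientId = ClientId,
            ClientSecret = ClientSecret,
            ResponseType = OpenIdConnectResponseTypes.CodeIdToken,
            Scope = "openid profile offline_access",
            UseTokenLifetime = false,

            // First answer: tell .NET which claim types carry the user's name and roles.
            TokenValidationParameters = new TokenValidationParameters
            {
                NameClaimType = "name",
                RoleClaimType = "role",
            },

            Notifications = new OpenIdConnectAuthenticationNotifications
            {
                // Raised after the id_token has been validated and the identity built;
                // this is the manual equivalent of GetClaimsFromUserInfoEndpoint = true.
                AuthorizationCodeReceived = async n =>
                {
                    string accessToken = await RedeemCodeAsync(n.Code, n.RedirectUri);
                    JObject userInfo = await GetUserInfoAsync(accessToken);
                    AddMissingClaims(n.AuthenticationTicket.Identity, userInfo);
                }
            }
        });
    }

    // Back-channel code exchange; the client secret never leaves the server.
    private static async Task<string> RedeemCodeAsync(string code, string redirectUri)
    {
        var request = new HttpRequestMessage(HttpMethod.Post, IdentityServerUrl + "/connect/token")
        {
            Content = new FormUrlEncodedContent(new Dictionary<string, string>
            {
                ["grant_type"] = "authorization_code",
                ["code"] = code,
                ["redirect_uri"] = redirectUri,
                ["client_id"] = ClientId,
                ["client_secret"] = ClientSecret,
            })
        };
        HttpResponseMessage response = await Http.SendAsync(request);
        response.EnsureSuccessStatusCode();
        var json = JObject.Parse(await response.Content.ReadAsStringAsync());
        var accessToken = (string)json["access_token"];
        if (string.IsNullOrEmpty(accessToken))
            throw new InvalidOperationException("Token endpoint returned no access_token.");
        return accessToken;
    }

    private static async Task<JObject> GetUserInfoAsync(string accessToken)
    {
        var request = new HttpRequestMessage(HttpMethod.Get, IdentityServerUrl + "/connect/userinfo");
        request.Headers.Authorization = new AuthenticationHeaderValue("Bearer", accessToken);
        HttpResponseMessage response = await Http.SendAsync(request);
        response.EnsureSuccessStatusCode();
        return JObject.Parse(await response.Content.ReadAsStringAsync());
    }

    // Only accept userinfo for the subject that was actually authenticated, and only
    // add claims the id_token did not already carry.
    private static void AddMissingClaims(ClaimsIdentity identity, JObject userInfo)
    {
        Claim subject = identity.FindFirst("sub") ?? identity.FindFirst(ClaimTypes.NameIdentifier);
        if (subject == null || (string)userInfo["sub"] != subject.Value)
            throw new InvalidOperationException("userinfo 'sub' does not match the id_token subject.");

        foreach (JProperty property in userInfo.Properties())
        {
            if (property.Value.Type == JTokenType.Object || property.Value.Type == JTokenType.Array)
                continue; // structured claims are out of scope for this example
            if (!identity.HasClaim(c => c.Type == property.Name))
                identity.AddClaim(new Claim(property.Name, property.Value.ToString()));
        }
    }
}
```

Two caveats worth keeping in mind. The `sub` comparison is the check that matters: the userinfo response is trusted only because it was fetched with a token issued for the subject in the validated id_token, so a mismatch should abort the sign-in rather than be silently merged. And if you would rather not call userinfo at all, IdentityServer4 will put the identity-resource claims (`name` among them, via the `profile` scope) directly into the id_token when the client definition on the server sets `AlwaysIncludeUserClaimsInIdToken = true`; otherwise those claims are, by design, only available from the userinfo endpoint, which is why the `name` claim is missing in the question.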
