Handle local data for identityserver4 authentication

Question

Hallo I'm a bit in a bind with identity server; I set up a basic setup and that works fine however the hard part comes after that.

I got a Client (A MVC web project); and a Identityserver4 server to handle the Authentication (Hybrid flow). When I go to a area with a authorize attribute it will redirect me directly to the Identityserver4 to login and I will be send back afterwards logged in.

This is fine and as expected; however the issue for me is I need to be able to store data on the client for that specific user that is logged in with identity server.

What is the best way to handle this? in some cases it's nice to have a basic screen to fill the needed data to finish the registration and/or at least a entry that can be used to make relations (like external login).

My thought was to use the claim 'sid' as a user specific identifier (that is given from the identityserver); and with that I can check if the user exists; if it doesn't add a claim so that the user need to finish the registration (forced to a page or automatically creating the required entry).

Answer 1

With the OpenIDConnect hander (Where you do AddOpenIDConnect) you have a set of event handlers that you can hook into. In these event handlers you can lookup the user in the database or create it based on the sid. You can also here transform or alter the claims that will be presented in the ClaimsPrincipal user object. After that you can redirect the user to the "Fill out additional information" forms if you like.

See sample code here:

• OpenIdConnectEvents Class
• Implementing OpenIdConnectOptions Events when using Authentication.AzureAD.UI Library
• Executing code after user has been authenticated using Azure Active Directory