Reputation: 7028
I have derived from IdentityUser as follows:

    public class MyAppUser : IdentityUser
    {
        public MyAppUser() : base() { }
        public MyAppUser(string userName) : base(userName) { }
        public string FirstName { get; set; }
        public string LastName { get; set; }
        public string CurrentAddress { get; set; }
    }

I have also added all these property values as claims so that we can send these values to the user to see the details.

    await UsersRepository.AddClaimAsync(appuser, new Claim("firstName", "MyName"));
    await UsersRepository.AddClaimAsync(appuser, new Claim("lastName", "MyLastName"));
    await UsersRepository.AddClaimAsync(appuser, new Claim("currentAddress", "MyAddress"));

I have two issues here.
Issue 1: The values are repeated in two places.
Question: Is this the correct way? If not, what is the best way to implement it?
Issue 2: I want to give the user an option to update their own information, like CurrentAddress, FirstName or LastName.
Question: One way to solve the above problem is to give all users access to the admin API endpoint. But is that the correct way? What is the best way to implement this in IdentityServer?
Upvotes: 1
Views: 316
Reputation: 564
Since you're using IdentityServer4, I would create a "profile" scope by defining an identity resource. https://identityserver4.readthedocs.io/en/latest/topics/resources.html#identity-resources

    public static IEnumerable<IdentityResource> GetIdentityResources()
    {
        return new List<IdentityResource>
        {
            new IdentityResource(
                name: "profile",
                userClaims: new[] { "name", "email", "website" },
                displayName: "Your profile data")
        };
    }

From there, you can look at implementing the IProfileService interface in order to access a separate database or API that manages your users' profile information.
Profile Service Docs: https://identityserver4.readthedocs.io/en/latest/reference/profileservice.html#refprofileservice
You can set up a separate User Profile or User Information service where your users can go to update their information and whatnot. This way they are not directly modifying data within the bounds of the actual authentication service. You can remove unnecessary claims from the authentication token and only supply them as part of your "profile" scope. That would cut down on the redundant claims that you mentioned. Doing so also gives you more room to add whatever user profile info you might want (phone number, email, etc.).
Upvotes: 1
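
The IProfileService approach from the answer above, sketched as an added example that is not part of the original answer or of IdentityServer4 itself. `UserProfile`, `IUserProfileStore` and `StoreBackedProfileService` are hypothetical names standing in for the separate profile database or API; the claim types are the ones used in the question.

```csharp
using System.Collections.Generic;
using System.Security.Claims;
using System.Threading.Tasks;
using IdentityServer4.Extensions;
using IdentityServer4.Models;
using IdentityServer4.Services;

// Hypothetical profile record and store (assumptions, not IdentityServer4 types).
public class UserProfile
{
    public string FirstName { get; set; }
    public string LastName { get; set; }
    public string CurrentAddress { get; set; }
    public bool IsDisabled { get; set; }
}

public interface IUserProfileStore
{
    Task<UserProfile> FindBySubjectIdAsync(string subjectId);
}

public class StoreBackedProfileService : IProfileService
{
    private readonly IUserProfileStore _store;

    public StoreBackedProfileService(IUserProfileStore store) => _store = store;

    public async Task GetProfileDataAsync(ProfileDataRequestContext context)
    {
        // The subject id is taken from the authenticated principal, never from request input.
        var profile = await _store.FindBySubjectIdAsync(context.Subject.GetSubjectId());
        if (profile == null) return;

        var claims = new List<Claim>
        {
            // Claim values must not be null, so missing fields become empty strings.
            new Claim("firstName", profile.FirstName ?? string.Empty),
            new Claim("lastName", profile.LastName ?? string.Empty),
            new Claim("currentAddress", profile.CurrentAddress ?? string.Empty)
        };
        // Issues only the claim types the requested scopes allow (context.RequestedClaimTypes).
        context.AddRequestedClaims(claims);
    }

    public async Task IsActiveAsync(IsActiveContext context)
    {
        // A missing or disabled profile stops further tokens from being issued for this subject.
        var profile = await _store.FindBySubjectIdAsync(context.Subject.GetSubjectId());
        context.IsActive = profile != null && !profile.IsDisabled;
    }
}
```

Register it with `AddProfileService<StoreBackedProfileService>()` on the IdentityServer builder; the claims are only issued when an identity resource lists "firstName", "lastName" and "currentAddress" in its `userClaims`. A self-service update endpoint in the separate profile service can apply the same rule as `GetProfileDataAsync`, resolving the record to edit from the caller's `sub` claim rather than from a user id in the request, so users need no access to the admin API.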