6

I have following in my client startup.cs.

services.AddAuthentication(options => { options.DefaultScheme = CookieAuthenticationDefaults.AuthenticationScheme; options.DefaultChallengeScheme = OpenIdConnectDefaults.AuthenticationScheme; }) .AddCookie() .AddOpenIdConnect(options => { options.SignInScheme = CookieAuthenticationDefaults.AuthenticationScheme; // cookie middle setup above options.Authority = AuthSetting["Authority"]; // Auth Server options.RequireHttpsMetadata = false; // only for development options.ClientId = AuthSetting["ClientId"]; // client setup in Auth Server options.ClientSecret = AuthSetting["ClientSecret"]; options.ResponseType = "code id_token"; // means Hybrid flow (id + access token) options.GetClaimsFromUserInfoEndpoint = true; options.SaveTokens = true; //options.ClaimActions.MapJsonKey(ClaimTypes.Email, "email", ClaimValueTypes.Email); //options.ClaimActions.Clear(); //https://stackoverflow.com/a/47896180/9263418 //options.ClaimActions.MapUniqueJsonKey("Aes", "Aes"); //options.ClaimActions.MapUniqueJsonKey("foo", "foo"); //options.ClaimActions.MapJsonKey("Aes", "Aes"); //https://github.com/aspnet-contrib/AspNet.Security.OAuth.Providers/issues/210 });

Following is my Identityserver's startup.cs

services.AddIdentityServer(options => { options.Events.RaiseSuccessEvents = true; options.Events.RaiseFailureEvents = true; options.Events.RaiseErrorEvents = true; options.Events.RaiseInformationEvents = true; }) .AddInMemoryClients(Clients.Get()) .AddInMemoryIdentityResources(Resources.GetIdentityResources()) .AddInMemoryApiResources(Resources.GetApiResources()) .AddDeveloperSigningCredential() .AddExtensionGrantValidator<Extensions.ExtensionGrantValidator>() .AddExtensionGrantValidator<Extensions.NoSubjectExtensionGrantValidator>() .AddJwtBearerClientAuthentication() .AddAppAuthRedirectUriValidator() .AddClientConfigurationValidator<DefaultClientConfigurationValidator>() .AddProfileService<ProfileService>();

Following is my ProfileService.cs file.

public class ProfileService : IProfileService { public Task GetProfileDataAsync(ProfileDataRequestContext context) { // Processing var claims = new List<Claim> { new Claim("Email", "someone2gmail.com"), }; context.IssuedClaims.AddRange(claims); return Task.FromResult(0); } public Task IsActiveAsync(IsActiveContext context) { // Processing context.IsActive = true; return Task.FromResult(0); } }

I am not able to access Mail claim in client application.

Checked many references.

But none of them are working for me. Any guess that what might be missing?

Using Identityserver4 with .Net core 2.

Improve this question

3 Answers 3

Reset to default
11

Never mind. I got it resolved by trying following option in client configuration of server. Will read it entirely. But for now it works as it seems to be including claims in token.

AlwaysIncludeUserClaimsInIdToken = true
Improve this answer
Sign up to request clarification or add additional context in comments.

Comments

2

The default scopes for OpenIDConnectOptions are "openid" and "profile".

You will have to additionally request the "email" scope when configuring your options.

Improve this answer

3 Comments

still it is not coming.
Your link is now broken.
Ah, yeah moved into the aspnetcore repo; updated
1

I found this link how to add role. U define user claims in Identity resources, which makes it smoother.

Improve this answer

Comments

Start asking to get answers

Find the answer to your question by asking.

Ask question

Explore related questions

See similar questions with these tags.