 

Custom Claims are not being accessed in client with identityserver 4 .Net core 2.0

I have the following in my client startup.cs.

    services.AddAuthentication(options =>
        {
            options.DefaultScheme = CookieAuthenticationDefaults.AuthenticationScheme;
            options.DefaultChallengeScheme = OpenIdConnectDefaults.AuthenticationScheme;
        })
        .AddCookie()
        .AddOpenIdConnect(options =>
        {
            options.SignInScheme = CookieAuthenticationDefaults.AuthenticationScheme; // cookie middleware set up above
            options.Authority = AuthSetting["Authority"];  // Auth Server
            options.RequireHttpsMetadata = false; // only for development
            options.ClientId = AuthSetting["ClientId"]; // client setup in Auth Server
            options.ClientSecret = AuthSetting["ClientSecret"];
            options.ResponseType = "code id_token"; // means Hybrid flow (id + access token)
            options.GetClaimsFromUserInfoEndpoint = true;
            options.SaveTokens = true;
            //options.ClaimActions.MapJsonKey(ClaimTypes.Email, "email", ClaimValueTypes.Email);
            //options.ClaimActions.Clear(); //https://stackoverflow.com/a/47896180/9263418
            //options.ClaimActions.MapUniqueJsonKey("Aes", "Aes");
            //options.ClaimActions.MapUniqueJsonKey("foo", "foo");
            //options.ClaimActions.MapJsonKey("Aes", "Aes"); //https://github.com/aspnet-contrib/AspNet.Security.OAuth.Providers/issues/210
        });

Following is my Identityserver's startup.cs

    services.AddIdentityServer(options =>
        {
            options.Events.RaiseSuccessEvents = true;
            options.Events.RaiseFailureEvents = true;
            options.Events.RaiseErrorEvents = true;
            options.Events.RaiseInformationEvents = true;
        })
        .AddInMemoryClients(Clients.Get())
        .AddInMemoryIdentityResources(Resources.GetIdentityResources())
        .AddInMemoryApiResources(Resources.GetApiResources())
        .AddDeveloperSigningCredential()
        .AddExtensionGrantValidator<Extensions.ExtensionGrantValidator>()
        .AddExtensionGrantValidator<Extensions.NoSubjectExtensionGrantValidator>()
        .AddJwtBearerClientAuthentication()
        .AddAppAuthRedirectUriValidator()
        .AddClientConfigurationValidator<DefaultClientConfigurationValidator>()
        .AddProfileService<ProfileService>();

Following is my ProfileService.cs file.

    public class ProfileService : IProfileService
    {
        public Task GetProfileDataAsync(ProfileDataRequestContext context)
        {
            // Processing
            var claims = new List<Claim>
            {
                new Claim("Email", "someone2gmail.com"),
            };

            context.IssuedClaims.AddRange(claims);

            return Task.FromResult(0);
        }

        public Task IsActiveAsync(IsActiveContext context)
        {
            // Processing
            context.IsActive = true;

            return Task.FromResult(0);
        }
    }

I am not able to access the Mail claim in the client application.

I have checked many references, but none of them are working for me. Any guess as to what might be missing?

Using Identityserver4 with .Net core 2.

Anonymous Creator asked May 29 '18 19:05


2 Answers

Never mind. I got it resolved by trying the following option in the client configuration of the server. Will read it entirely. But for now it works, as it seems to be including claims in the token.

    AlwaysIncludeUserClaimsInIdToken = true
Anonymous Creator answered Oct 25 '22 13:10


The default scopes for OpenIdConnectOptions are "openid" and "profile".

You will have to additionally request the "email" scope when configuring your options.

Benjamin Soddy answered Oct 25 '22 13:10
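
An added example (not code from the question, the answers, or the IdentityServer4 project) of the route the second answer points to: the client requests the `email` scope and the server releases only the claim types that scope covers, instead of forcing every user claim into the id_token. The class names, client id, secret, redirect URI and e-mail value are placeholders, and it assumes the claim is issued under the standard lowercase type `email` rather than the question's `Email`.

```csharp
using System.Collections.Generic;
using System.Linq;
using System.Security.Claims;
using System.Threading.Tasks;
using IdentityServer4.Models;
using IdentityServer4.Services;
using Microsoft.AspNetCore.Authentication;
using Microsoft.AspNetCore.Authentication.OpenIdConnect;

public static class ExampleServerConfig // hypothetical class name
{
    // Server: "email" has to exist as an identity resource and be allowed for the client.
    public static IEnumerable<IdentityResource> GetIdentityResources() => new IdentityResource[]
    {
        new IdentityResources.OpenId(),
        new IdentityResources.Profile(),
        new IdentityResources.Email(), // claim types: email, email_verified
    };
    public static Client GetClient() => new Client
    {
        ClientId = "example-client", // placeholder
        ClientSecrets = { new Secret("placeholder-secret".Sha256()) },
        AllowedGrantTypes = GrantTypes.Hybrid,
        RedirectUris = { "https://client.example/signin-oidc" }, // placeholder
        AllowedScopes = { "openid", "profile", "email" },
        // AlwaysIncludeUserClaimsInIdToken stays false: user claims are read from userinfo.
    };
}

public class FilteringProfileService : IProfileService // hypothetical class name
{
    public Task GetProfileDataAsync(ProfileDataRequestContext context)
    {
        var known = new List<Claim> { new Claim("email", "user@example.com") }; // constructed value
        // Release only the claim types that the granted scopes actually request.
        context.IssuedClaims.AddRange(known.Where(c => context.RequestedClaimTypes.Contains(c.Type)));
        return Task.CompletedTask;
    }
    public Task IsActiveAsync(IsActiveContext context) { context.IsActive = true; return Task.CompletedTask; }
}

public static class ExampleClientConfig // hypothetical class name
{
    public static void RequestEmail(OpenIdConnectOptions options) // call inside AddOpenIdConnect(...)
    {
        options.Scope.Add("email"); // in addition to the default openid and profile
        options.GetClaimsFromUserInfoEndpoint = true;
        options.ClaimActions.MapUniqueJsonKey("email", "email"); // userinfo JSON key -> claim
    }
}
```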