It appears to me that I cannot add a custom claim (that is user-specific) to the response of my first call to Identity Server. Can someone confirm that assumption?
Here is what we are doing in our app: Using ResourceOwner Flow, our web app (server side) calls Identity Server sending the user's logonID and password and scopes.
We get back a JWT which contains the standard claims like sub, idp, client_id; but we would like to add one more. To simplify, let's say that one additional claim is the emailAddress of the user.
It appears that we must make another call to the Identity Server and get a new token. Is that correct? Isn't there some way we can get that value in the initial call?
Sorry to be the one to answer my own question, but I found out how to make this work.
In your IUserService override, in GetProfileDataAsync, add the following code:

    // Requires: System.Collections.Generic, System.Linq, System.Security.Claims, System.Threading.Tasks
    // Inside GetProfileDataAsync(ProfileDataRequestContext context):
    if (context.RequestedClaimTypes != null)
    {
        // Copy only the claims the token request actually asked for
        // (RequestedClaimTypes comes from the scopes sent with the request)
        // out of the authenticated subject into the claims that get issued.
        List<Claim> newclaims = new List<Claim>();
        foreach (Claim claim in context.Subject.Claims)
        {
            if (context.RequestedClaimTypes.Contains(claim.Type))
            {
                newclaims.Add(claim);
            }
        }
        context.IssuedClaims = newclaims;
    }
    return Task.FromResult(context.IssuedClaims);
Finally, to make sure that GetProfileDataAsync fires every time the user logs in, not just the first time, make sure that you do not have caching turned on. This probably means removing a line of code in your startup that looks like this: factory.ConfigureUserServiceCache().
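The complete user service the answer sketches, as an added example that is not part of the question or the answer above and is not IdentityServer's own code. It assumes IdentityServer3 (UserServiceBase, LocalAuthenticationContext, AuthenticateResult, ProfileDataRequestContext and the Registration/IdentityServerServiceFactory types), a constructed in-memory user list with a plaintext password purely for illustration, and a resource scope named api1 that declares email as one of its claims: in IdentityServer3 the access-token claims provider only asks the user service for claims declared on resource scopes, so the claim has to be attached to the subject in AuthenticateLocalAsync and declared on a scope the client requests before GetProfileDataAsync will ever see it in RequestedClaimTypes.

```csharp
using System;
using System.Collections.Generic;
using System.Linq;
using System.Security.Claims;
using System.Threading.Tasks;
using IdentityServer3.Core;
using IdentityServer3.Core.Configuration;
using IdentityServer3.Core.Models;
using IdentityServer3.Core.Services;
using IdentityServer3.Core.Services.Default;

// Constructed sample record (assumption). A real store would hold a password hash
// and verify it with a proper password hasher, never a plaintext comparison.
public class AppUser
{
    public string Subject { get; set; }
    public string UserName { get; set; }
    public string Password { get; set; }
    public string Email { get; set; }
}

public class CustomUserService : UserServiceBase
{
    private readonly IList<AppUser> _users;

    public CustomUserService(IList<AppUser> users)
    {
        _users = users;
    }

    // The resource owner flow lands here with the logon ID and password the web app sent.
    // Claims attached to AuthenticateResult become context.Subject.Claims later, so this
    // is where the user-specific email claim has to originate.
    public override Task AuthenticateLocalAsync(LocalAuthenticationContext context)
    {
        var user = _users.SingleOrDefault(u =>
            string.Equals(u.UserName, context.UserName, StringComparison.OrdinalIgnoreCase));

        if (user == null || user.Password != context.Password)
        {
            // Leaving AuthenticateResult null tells IdentityServer the logon failed.
            return Task.FromResult(0);
        }

        var claims = new List<Claim> { new Claim(Constants.ClaimTypes.Email, user.Email) };
        context.AuthenticateResult = new AuthenticateResult(user.Subject, user.UserName, claims);
        return Task.FromResult(0);
    }

    // Called while the token is being built. Issue only the claims that were requested,
    // taken from the subject that AuthenticateLocalAsync produced.
    public override Task GetProfileDataAsync(ProfileDataRequestContext context)
    {
        if (context.RequestedClaimTypes != null)
        {
            var requested = new HashSet<string>(context.RequestedClaimTypes);
            context.IssuedClaims = context.Subject.Claims
                .Where(c => requested.Contains(c.Type))
                .ToList();
        }
        return Task.FromResult(0);
    }
}

public static class StartupWiring
{
    // Registers the service and the scopes. Deliberately does NOT call
    // factory.ConfigureUserServiceCache(): with the cache on, GetProfileDataAsync would not
    // run on every logon and a later request could be served stale claims.
    public static IdentityServerServiceFactory Configure(IdentityServerServiceFactory factory)
    {
        var users = new List<AppUser>   // constructed sample data
        {
            new AppUser { Subject = "1", UserName = "alice",
                          Password = "correct horse", Email = "alice@example.com" }
        };

        var scopes = new List<Scope>
        {
            StandardScopes.OpenId,
            new Scope
            {
                Name = "api1",                   // assumed resource scope name
                Type = ScopeType.Resource,       // resource scope claims go into the access token
                Claims = new List<ScopeClaim> { new ScopeClaim(Constants.ClaimTypes.Email) }
            }
        };

        factory.UserService = new Registration<IUserService>(resolver => new CustomUserService(users));
        factory.UseInMemoryScopes(scopes);
        return factory;
    }
}
```

With this wiring, a password grant request for scope "openid api1" from a client allowed those scopes yields an access token carrying email next to sub, idp and client_id, and a second logon picks up a changed email address because nothing is cached between calls.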