I've been playing with IdentityServer4. Absolutely love it.
I've been going through the tutorials on your site, specifically https://identityserver4.readthedocs.io/en/release/quickstarts/7_javascript_client.html
I have created a Profile Service that does the following:
public class ProfileService : IProfileService
{
public Task GetProfileDataAsync(ProfileDataRequestContext context)
{
context.IssuedClaims.Add(new Claim("test-claim", "test-value"));
return Task.FromResult(0);
}
public Task IsActiveAsync(IsActiveContext context)
{
context.IsActive = true;
return Task.FromResult(0);
}
}
This works great, my custom claim is visible in the log window of my JS client.
I put a break point on it just to inspect what is in the context, and I noticed it was getting hit twice. The caller properties were ClaimsProviderAccessToken
and UserInfoEndpoint
respectively. Why is this?
In my naivety I removed the profile
scope from my js client, and in oidc-js config also removed the profile scope, and set loadUserInfo: false
yet my ProfileService
it is still called twice.
If my end goal is to set claims based on parameters from a database, I really I don't want to be doing this operaion twice, do I? (Genuine question -- I don't know). A 'solution' would be to only set them on "ClaimsProviderAccessToken" but there is something telling me that there will be a reason ProfileServices get called twice and that there is some importance of it setting the claims on both runs through.
The profile service is called whenever IdentityServer needs to return claims about a user to a client applications.
If you request an identity and access token - it will get called twice (since you might be putting different claims into each token type).
If you love us? You can donate to us via Paypal or buy me a coffee so we can maintain and grow! Thank you!
Donate Us With