
OAuth 2.0 and Open Id Connect claims issue


I'm learning OAuth 2.0 and OpenID Connect and now I have a problem: there are no claims present in the id_token:

I have created an InMemoryUser and claims for it:

using System.Collections.Generic;
using System.Security.Claims;
using IdentityServer3.Core.Services.InMemory;

public static class Users
{
    public static List<InMemoryUser> Get()
    {
        return new List<InMemoryUser>()
        {
            new InMemoryUser()
            {
                Username = "SomeName",
                Password = "SomePassword",
                Subject = "b05d3546-6ca8-4d32-b95c-77e94d705ddf",
                Claims = new Claim[]
                {
                    // both claim types belong to the standard "profile" scope
                    new Claim(IdentityServer3.Core.Constants.ClaimTypes.GivenName, "MyGivenName"),
                    new Claim(IdentityServer3.Core.Constants.ClaimTypes.FamilyName, "MyFamilyName"),
                }
            }
        };
    }
}

My scopes:

using System.Collections.Generic;
using IdentityServer3.Core.Models;

public static class Scopes
{
    public static IEnumerable<Scope> Get()
    {
        return new List<Scope>()
        {
            StandardScopes.OpenId,
            StandardScopes.Profile, // covers given_name and family_name

            new Scope()
            {
                Name = "somename",
                DisplayName = "some display name",
                Description = "some description",
                Type = ScopeType.Resource
            }
        };
    }
}

Also, I have created an MVC client and a Startup class and included the profile scope:

using Microsoft.Owin.Security.Cookies;
using Microsoft.Owin.Security.OpenIdConnect;
using Owin;

public void Configuration(IAppBuilder app)
{
    app.UseCookieAuthentication(new CookieAuthenticationOptions()
    {
        AuthenticationType = "Cookies"
    });

    app.UseOpenIdConnectAuthentication(new OpenIdConnectAuthenticationOptions()
    {
        ClientId = "TripsHybrid",
        Authority = Constants.Constants.TripsSts,
        RedirectUri = Constants.Constants.TripsMvc,
        SignInAsAuthenticationType = "Cookies",
        ResponseType = "code id_token token", // hybrid flow
        Scope = "openid profile", // "profile" scope included
    });
}

But when I obtain the id_token and decode it, the claims I set while creating my InMemoryUser are not there. Also, there are no claims in User.Identity.Claims when I print them to Debug:

using System.Diagnostics;
using System.Security.Claims;
using System.Web.Mvc;

public ActionResult Index()
{
    if (this.User.Identity.IsAuthenticated)
    {
        Debug.WriteLine("Claims:");
        var identity = this.User.Identity as ClaimsIdentity;
        foreach (var claim in identity.Claims)
        {
            Debug.WriteLine(claim.Type + " - " + claim.Value);
        }
    }
    return View();
}

Please help me find the reason and add the claims to the id_token. Thanks


Solution

  • Finally, I have found the solution to the problem.

    The problem was in the IdentityServer3 NuGet package versions. The tutorial used the package IdentityServer3 2.0.1, but I had installed the package IdentityServer3 2.5.0.

    I have changed my code where I get the scopes:

    using System.Collections.Generic;
    using IdentityServer3.Core.Models;

    public static IEnumerable<Scope> Get()
    {
        Scope profileScope = StandardScopes.Profile;
        profileScope.IncludeAllClaimsForUser = true; // set this property to true

        return new List<Scope>()
        {
            StandardScopes.OpenId,
            profileScope,

            new Scope()
            {
                Name = "somename",
                DisplayName = "some display name",
                Description = "some description",
                Type = ScopeType.Resource
            }
        };
    }


    I have set IncludeAllClaimsForUser = true and now all claims are present in the identity token (id_token), and I can get all claims in my MVC client using this code (the same as before):

    using System.Diagnostics;
    using System.Security.Claims;
    using System.Web.Mvc;

    public ActionResult Index()
    {
        if (this.User.Identity.IsAuthenticated)
        {
            Debug.WriteLine("Claims:");
            var identity = this.User.Identity as ClaimsIdentity;
            foreach (var claim in identity.Claims)
            {
                Debug.WriteLine(claim.Type + " - " + claim.Value);
            }
        }
        return View();
    }


    When I tried to use the older package, the code in my question worked as expected (without any changes).

    It seems that the default value of this property was changed to false in some newer version of IdentityServer3.

    Thanks all.
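Added example (not from the question or the answer above, and not IdentityServer3 or OWIN code): a small Python helper for the step both posts rely on, decoding the id_token to see which claims it actually carries. It splits the compact JWT, base64url-decodes the header and payload, and reports which of the expected profile claims (given_name and family_name, the two set on the InMemoryUser in the question) are missing. The sample token is constructed inside the script with a placeholder signature and an assumed issuer URL; the decoder deliberately does not verify signatures, so it is for inspection only and must never drive an authentication decision. A real id_token from IdentityServer3 is signed with the server's signing certificate and has to be validated against the keys published through the authority's discovery document, which the OWIN OpenID Connect middleware in the question does for you.

```python
import base64
import json
import time

# Claims the OpenID Connect "profile" scope covers (OIDC Core, section 5.4).
PROFILE_CLAIMS = (
    "name", "family_name", "given_name", "middle_name", "nickname",
    "preferred_username", "profile", "picture", "website", "gender",
    "birthdate", "zoneinfo", "locale", "updated_at",
)


def _b64url_decode(segment):
    # JWT segments are unpadded base64url; restore the padding before decoding.
    return base64.urlsafe_b64decode(segment + "=" * (-len(segment) % 4))


def _b64url_encode(data):
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode("ascii")


def decode_jwt_unverified(token):
    """Return (header, payload) of a compact JWS WITHOUT checking the signature.

    Use this only to look at a token you already obtained; anything that grants
    access must go through real signature and iss/aud/exp/nonce validation.
    """
    parts = token.split(".")
    if len(parts) != 3:
        raise ValueError("expected a compact JWS: header.payload.signature")
    header = json.loads(_b64url_decode(parts[0]))
    payload = json.loads(_b64url_decode(parts[1]))
    if str(header.get("alg", "none")).lower() == "none":
        # An unsigned id_token is never acceptable from a real provider.
        raise ValueError("token uses alg=none; refusing to inspect it")
    return header, payload


def present_profile_claims(token):
    """Profile-scope claims the token actually carries, sorted by name."""
    _, payload = decode_jwt_unverified(token)
    return sorted(c for c in PROFILE_CLAIMS if c in payload)


def missing_profile_claims(token, expected=("given_name", "family_name")):
    """Expected claims that are absent from the token, in the order given."""
    _, payload = decode_jwt_unverified(token)
    return [c for c in expected if c not in payload]


def make_sample_id_token(extra_claims, alg="RS256"):
    """Build a CONSTRUCTED id_token for offline testing.

    The signature segment is a placeholder, the issuer URL is assumed, and the
    aud/sub values are taken from the question. This is not a token minted by
    IdentityServer3.
    """
    header = {"typ": "JWT", "alg": alg, "kid": "sample-kid"}
    now = int(time.time())
    payload = {
        "iss": "https://localhost:44333/core",  # assumed authority URL
        "aud": "TripsHybrid",                    # ClientId from the question
        "sub": "b05d3546-6ca8-4d32-b95c-77e94d705ddf",
        "iat": now,
        "exp": now + 300,
        "nonce": "constructed-nonce",
    }
    payload.update(extra_claims)
    return ".".join([
        _b64url_encode(json.dumps(header).encode()),
        _b64url_encode(json.dumps(payload).encode()),
        _b64url_encode(b"placeholder-signature"),
    ])


if __name__ == "__main__":
    # Token as the question describes it: profile scope requested, but no
    # given_name / family_name in the id_token.
    before = make_sample_id_token({})
    print("missing before fix:", missing_profile_claims(before))
    # Token as the answer describes it after IncludeAllClaimsForUser = true.
    after = make_sample_id_token({"given_name": "MyGivenName",
                                  "family_name": "MyFamilyName"})
    print("missing after fix:", missing_profile_claims(after))
    print("profile claims present:", present_profile_claims(after))
```

Paste a real id_token into `missing_profile_claims` to confirm what the server put in it before changing scope configuration; if the claims are present in the token but not in `User.Identity.Claims`, the problem is on the client side rather than in IdentityServer3.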