How to include an identity claim in an access token using DotNetOpenAuth? Specifically the email claim.
It is clear how to make a scope claim (so in the response it would be something like scope=http://schemas.xmlsoap.org/ws/2005/05/identity/claims/emailaddress:myemail@some.host), but doing that seems to me like using scopes incorrectly. I am using the grant_type=password flow.
Another way is to make an additional UserInfo request from the client app via the OpenID Connect protocol, but I don't want any additional requests.
Ideally I need to add a property to the AccessToken class, or put the email in its ExtraData property.
This can be done in DNOA 4.1+; there is no such feature in DNOA 4.0.
One can put custom values into the ExtraData property in the OAuth2AuthorizationServer.CreateAccessToken method. Those values can then be obtained from either StandardAccessTokenAnalyzer.DeserializeAccessToken or overrides of ResourceServer.GetAccessToken.
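The approach described in the answer, sketched for both sides as an added example (not code from the original post or from the DotNetOpenAuth project). The names DemoKeys, Emails and TokenReader, the "email" key and the in-process demo keys are assumptions for illustration; it also assumes IAccessTokenRequest.UserName carries the resource owner's name in the password grant.

```csharp
using System;
using System.Collections.Generic;
using System.Security.Cryptography;
using System.Web;
using DotNetOpenAuth.OAuth2;

// Hypothetical demo keys; a real deployment loads these from certificates.
public static class DemoKeys {
    public static readonly RSACryptoServiceProvider Signing = new RSACryptoServiceProvider(2048);
    public static readonly RSACryptoServiceProvider Encryption = new RSACryptoServiceProvider(2048);
}

// Authorization server: the token-issuing part of an IAuthorizationServerHost.
public partial class OAuth2AuthorizationServer {
    // Constructed sample data standing in for a real user store.
    private static readonly Dictionary<string, string> Emails =
        new Dictionary<string, string> { { "alice", "alice@example.com" } };

    public AccessTokenResult CreateAccessToken(IAccessTokenRequest request) {
        var token = new AuthorizationServerAccessToken {
            Lifetime = TimeSpan.FromMinutes(10),
            AccessTokenSigningKey = DemoKeys.Signing,
            ResourceServerEncryptionKey = DemoKeys.Encryption,
        };
        // ExtraData is serialized inside the signed, encrypted token, so the
        // client cannot alter it and scopes stay reserved for authorization.
        string email;
        if (request.UserName != null && Emails.TryGetValue(request.UserName, out email)) {
            token.ExtraData["email"] = email;
        }
        return new AccessTokenResult(token);
    }
}

// Resource server: read the claim back once the token has been validated.
public static class TokenReader {
    public static string GetEmail(HttpRequestBase httpRequest) {
        // The analyzer verifies the signature and decrypts before deserializing.
        var analyzer = new StandardAccessTokenAnalyzer(
            DemoKeys.Signing, DemoKeys.Encryption);
        AccessToken token = new ResourceServer(analyzer).GetAccessToken(httpRequest);
        string email;
        return token.ExtraData.TryGetValue("email", out email) ? email : null;
    }
}
```

The value is fixed when the token is issued, so a later change of the user's email is not reflected until a new token is minted; a short Lifetime bounds that window.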