I have created an ASP.net core API secured with Identity Server 4, that serves a react client that gets an id token and access token via the implicit flow. I am able to successfully authenticate requests from the client to the API.
My problem is I need to access the requesting user's profile (or at least their user id) in the API. Currently, I only have access to the user's claims that are included in the bearer token. It there some way to set my API up so that it will retrieve the user profile from the Authority with some sort of middleware? Do I need to pass the ID token with the request?
Thanks for your time.
In the end, the solution was quite simple. I implemented IdentityServer4.ServicesIProfileService in my identity server, which allowed me to add any and all the required claims to the access token.
Then in my startup for the identity server, I register my profile service as the profile service.
services.AddScoped<IProfileService, MyProfileService>();