Tags: asp.net-core, identityserver4

Missing Claims from within the IdentityServer Website, including all samples


I am sure this is down to a lack of understanding.

I am trying to access the currently logged-in user's claims within an IdentityServer instance. I am finding that any claims I provide the user are only available to the set-up clients, and not to the IdentityServer itself.

My issue can be replicated by using any of the quick start samples provided by the IdentityServer4 team (QuickStart Samples)

I am building a site that will provide authentication, using IdentityServer4, and also provide some interface screens to manage your own profile. To facilitate this I will need access to the claims from within the IdentityServer site.

If we look at the test users on the quick starts, we have this user:

    // Test user from the IdentityServer4 quickstart TestUsers list
    new TestUser
    {
        SubjectId = "1",
        Username = "alice",
        Password = "password",

        Claims = new List<Claim>
        {
            new Claim("name", "Alice"),
            new Claim("website", "https://alice.com")
        }
    },

We can see it has two claims: name and website.

Within the login controller, I also add another claim, just before signing in (by way of experimenting)

    user.Claims.Add(new Claim("given_name", "bob"));

    // issue authentication cookie with subject ID and username
    await HttpContext.SignInAsync(user.SubjectId, user.Username, props);

When the QuickStart site and the MVC Client are running, I can successfully log in. The Secure page then shows me the claims below (after enabling AlwaysIncludeUserClaimsInIdToken)

[screenshot: claims listed on the MVC client's Secure page]

However, if I visit the Grants section of the IdentityServer4 Quickstart and inspect the current User, I see an entirely different set of claims, shown below:

[screenshot: claims on the current User inside the IdentityServer4 Grants page]

How, within the IdentityServer4 Quickstart, can I access the same list of claims that were returned in the ID Token?

My specific reason is that I will be storing an Active Directory UPM as one of the claims and will need access to this when the user is within any secure page in our Identity Server.


Solution

  • Ok - after a day of playing around, I realized there were other overrides for the HttpContext.SignInAsync() method.

    Before, I had this - as per tutorial

    await HttpContext.SignInAsync(user.SubjectId, user.Username, props);

    Changing this to

    await HttpContext.SignInAsync(user.SubjectId, user.Username, props, user.Claims.ToArray());

    Gives me exactly what I was looking for.

    Leaving this here on the off chance others have the same issue.
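The difference the answer hits on is that the three-argument SignInAsync extension writes a cookie carrying only the subject and name, while the four-argument one also stores the supplied claims in the cookie, so they become part of `User` on every page inside the IdentityServer site. The following is an added example, not code from the question, the answer, or the IdentityServer4 quickstart. It assumes the IdentityServer4 2.x quickstart layout (`TestUserStore`, an `AccountController.Login` action, and the string-based `HttpContext.SignInAsync` extension); the `upn` claim name, the `ProfileController`, and the simplified `Login` signature are assumptions for illustration.

```csharp
// Added example (not the IdentityServer4 quickstart's own code).
// Assumes IdentityServer4 2.x: TestUserStore and the
// HttpContext.SignInAsync(subject, name, props, claims) extension.
using System.Linq;
using System.Security.Claims;
using System.Threading.Tasks;
using IdentityServer4.Test;
using Microsoft.AspNetCore.Authentication;
using Microsoft.AspNetCore.Authorization;
using Microsoft.AspNetCore.Http;
using Microsoft.AspNetCore.Mvc;

public class AccountController : Controller
{
    private readonly TestUserStore _users;

    public AccountController(TestUserStore users)
    {
        _users = users;
    }

    [HttpPost]
    [ValidateAntiForgeryToken]
    public async Task<IActionResult> Login(string username, string password, string returnUrl)
    {
        if (!_users.ValidateCredentials(username, password))
        {
            ModelState.AddModelError(string.Empty, "Invalid username or password");
            return View();
        }

        var user = _users.FindByUsername(username);

        // Claims that must be visible inside the IdentityServer site come from
        // the user store, never from the login form, so a caller cannot mint
        // their own "upn" by posting an extra field. "upn" is an assumed
        // claim name for the Active Directory user principal name.
        var cookieClaims = user.Claims
            .Where(c => c.Type == "name" || c.Type == "upn")
            .ToArray();

        var props = new AuthenticationProperties { IsPersistent = false };

        // The four-argument overload places the claims in the local
        // authentication cookie; the three-argument one stores only the
        // subject and username, which is why the Grants page showed a
        // different set of claims.
        await HttpContext.SignInAsync(user.SubjectId, user.Username, props, cookieClaims);

        // Only follow local return URLs to avoid an open redirect after login.
        return Url.IsLocalUrl(returnUrl) ? Redirect(returnUrl) : Redirect("~/");
    }
}

// Hypothetical secured page inside the IdentityServer site: it reads the
// claim straight from the cookie principal, no ID token involved.
[Authorize]
public class ProfileController : Controller
{
    public IActionResult Index()
    {
        var upn = User.FindFirst("upn")?.Value;
        if (upn == null)
        {
            // The claim was not placed in the cookie at sign-in; refuse
            // rather than fall back to a guess or to request input.
            return Forbid();
        }

        var name = User.FindFirst("name")?.Value;
        return Content($"Signed in as {name} ({upn})");
    }
}
```

Two caveats worth keeping in mind. First, claims stored this way are a snapshot taken at login: if the attribute changes in Active Directory, the cookie keeps the old value until the user signs in again, so anything used for authorization decisions should be re-read from the directory or kept out of the cookie. Second, the cookie is protected by ASP.NET Core Data Protection, but it is still sent on every request, so add only the claims the site actually needs rather than the user's whole claim set. In IdentityServer4 3.x and later the string overloads were replaced by `HttpContext.SignInAsync(IdentityServerUser, AuthenticationProperties)`, where the extra claims go in `IdentityServerUser.AdditionalClaims`; the effect on the cookie is the same.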