Sub claim missing from ProfileDataRequestContext.RequestedClaimTypes
In IdentityServer4 I have defined an IdentityResource with some claims:
new IdentityResource {
Name = "userdata",
UserClaims = new List<string> {
JwtClaimTypes.Subject,
JwtClaimTypes.Role,
JwtClaimTypes.Email,
JwtClaimTypes.Name
}
}
And then add it to the scopes in the client configuration:
AllowedScopes = {
IdentityServerConstants.StandardScopes.OpenId,
"api1",
"userdata"
}
In the client app I requested that scope:
.AddOpenIdConnect("oidc", options => {
options.Scope.Add("openid");
options.Scope.Add("userdata");
options.Scope.Add("offline_access");
options.Scope.Add("api1");
}
In IS4 I have implemented IProfileService to add some claims to the id_token.
public async Task GetProfileDataAsync(ProfileDataRequestContext context) {
var sub = context.Subject.GetSubjectId();
var user = await _userManager.FindByIdAsync(sub);
if (user == null) {
throw new ArgumentException("");
}
var principal = await _claimsFactory.CreateAsync(user);
var userClaims = principal.Claims.ToList();
var claims = new List<Claim> {
userClaims.Find(x => x.Type == JwtClaimTypes.Subject),
userClaims.Find(x => x.Type == JwtClaimTypes.Role),
userClaims.Find(x => x.Type == JwtClaimTypes.Email),
userClaims.Find(x => x.Type == JwtClaimTypes.Name),
new Claim("iesseapetenantid", user.TenantId.ToString())
};
var requestedClaimTypes = context.RequestedClaimTypes;
context.AddRequestedClaims(claims);
}
context.AddRequestedClaims(claims) filter the claims passed and add only the ones requested by the client.
The problem is that in context.RequestedClaimTypes the sub claim is missing but the other three are there: email, name and role.
Why is the "sub" claim missing?
Thanks!
The sub claim is the one required by the spec, so it's a part of the StandardScopes.OpenId. You do not need to setup or request it additionally.
var sub = context.Subject.GetSubjectId();
assumes that the sub claim is already within the context. If not, an exception will be thrown.
All above is about IdentityResource and id_token. A token for ApiResource may be created without referencing a user.
- Enable interactive render mode on Blazor templates accounts pages
- .Net Core SignalR Connection between services has an issue
- How to register multiple implementations of the same interface with different dependencies
- ASP.NET Core hosting environment variable ignored
- What is different in my Ajax vs XMLHttpRequest Call that lets my Server understand Ajax but not XMLHttpRequest?
- How to get return value from Task wait()
- User.Identity.IsAuthenticated always false in .net core custom authentication
- I want to pre-fill an input of type IFormFile
- Net Core Simple way to Find Temperature from Openweather API
- Get email claim from identity after upgrading to .NET 8 not working
- Unable to send the List of model data to a view using asp.net mvc
- Routing with Areas and Controller Name (asp.net core)
- Bind gRPC services to specific port in aspnetcore
- Redis cache in .NET 8 is not taking effect?
- Use React Authentication with .NET backend?
- List users with roles in a razor page using asp.net 6.0 Identity
- Correct handling of formless AJAX POST and AntiForgery in C# Razor Pages
- how to load partial view in ajax in asp.net core
- Entity Framework Core multiple connection strings on same DBContext?
- error A value of type 'int' cannot be used as a default parameter because there are no standard conversions to type
- What is this string inside Blazor components HTML tag
- Blazor Server: Breadcrumb change using JavaScript persists across pages
- .net blazor new debug profile lacks .css .js why?
- How to get results from a Postgresql function using EF Core?
- ASP Net identity two factor authentication last expired token is getting validated successfully
- Why string property must be declared as nullable string in Entity Framework Core when corresponding database table column is nullable
- HTTP Error 500.30 - ASP.NET Core app failed to start(abp-commercial)
- How to Configure Swagger to Display Different Model Classes Based on Content Type in .NET API
- How to remove UserName field from asp.net core 3 Identity
- Difference between BadRequestResult and BadRequestObjectResult