AspnetCore 3.1 OpenIdConnectEvent using claims from ClaimActions.MapJsonKey
I'm trying to add custom claims to the logging in user principal using the OnTokenValidated event. To get these claims I need to fetch data from the database.
The event is called, I can access the database and everything should be fine:
options.Events.OnTokenValidated = requestContext=> {
var ctx = requestContext.HttpContext.RequestServices.GetRequiredService<IPersistenceContext>();
var principal = requestContext.Principal;
var userExternalId = principal.FindFirstValue(IdentityModel.JwtClaimTypes.Subject);
var user = await ctx.Users
.FirstOrDefaultAsync(u => u.ExternalId == userExternalId);
//do stuff with the user
}
Except, in the OnTokenValidated I would need to access claims that are mapped using ClaimActions.MapJsonKey. For example, I would need to access the user's roles, mapped like this:
options.ClaimActions.MapJsonKey(JwtClaimTypes.Role, JwtClaimTypes.Role, JwtClaimTypes.Role);
Now when I try to check the principal's claims in the OnTokenValidated, there are no role claims. Only the 'standard' OIDC claims are present.
The roles are available to the application after the login has completed, so their mapping works as expected.
How can I access the role claims (and anything else mapped via ClaimActions.MapJsonKey) in an OpenIdConnectEvent?
Instead of hocking into the OpenIDConnect events, why not hock into the Cookie handler events instead? In it you have for example the OnSigningIn that could be useful for you.
The relationship between the two handlers are as the diagram below shows:
To complement this answer, I wrote a blog post that goes into more detail about this topic: Debugging OpenID Connect claim problems in ASP.NET Core
Cookie handler will get the final ClaimsPrincpal user object from OpenIdConnect and from that one create the cookie.
- Blazor web app couldn't find js function in external js file
- Multiple EditForm in Blazor Page
- How to pass js function argument to inline c# in cshtml?
- Blazor: Implementing 404 not found page
- How to tell when a self-hosted ASP.NET Core application is ready to receive requests?
- What kind of commands/queries can be created with MediatR?
- C# HttpRequestMessage - Host ignores the Content-Type Header I send it and complains that I am sending the wrong Content Type
- User.Identity.IsAuthenticated is false in a non-auth methods after successful login in asp.net core
- InvalidOperationException: Cannot find compilation library location for package 'System.Security.Cryptography.Pkcs'
- How to validate uploaded files in ASP.Net MVC
- .Net Core [Authorize] - Or instead of And for permission test
- NSwag produces incorrect output for IFromFile in Minimal API when file parameter is wrapped in model class
- Get individual error messages from modelstate
- Property Injection in ASP.NET Core
- ASP.NET Core 3.1 Azure AD Authentication throws OptionsValidationException
- Confirm form resubmission - ASP.NET 5 MVC
- Serialise HTML Form with time/text input type and validation of time fields
- How to show loading progress while wasm part being loaded (.NET 8, no pre-render)
- How to merge multiple arrays from ASP.Net Core configuration files?
- ASP.NET Core EF Identity Roles while using JWT Bearer Scheme
- Pass the selected value of a dropdown in to a URL.Action so that a modal form is displayed on a button click
- Why I am getting Cascade delete cycle error when updating the database
- To have different session timeout for different users
- How to setup a beta versioning in Swagger endpoint?
- Is there a way to have dynamic regex strings in a RegularExpression attribute?
- Is there a way to have the Identity Library cookies be tied to the root domain?
- How to access Microsoft.AspNetCore.Routing namespace
- What is the difference between regular and Async methods (OnGet vs OnGetAsync)
- Changing property in Razor @ref component does not update its usage in HTML element
- Visual Studio Project doesn't load after changing folder name