I am new in IdentityServer4 and i have a simple login configuration. Here is my user Test User:
return new List<TestUser> {
new TestUser {
SubjectId = "5BE86359-073C-434B-AD2D-A3932222DABE", // just get this in claims list
Username = "name",
Password = "password",
Claims = new List<Claim> {
new Claim(ClaimTypes.Email, "[email protected]") // not found
}
}
};
I also have a client:
return new List<Client>
{
new Client
{
ClientId = "MVC1",
ClientName = "This is my MVC1",
ClientSecrets = new List<Secret> {new Secret("MVC1".Sha256())}, // change me!
AllowedGrantTypes = GrantTypes.Code,
RedirectUris = new List<string> {"http://localhost:7573/signin-oidc"},
AllowedScopes = new List<string>
{
IdentityServerConstants.StandardScopes.OpenId,
IdentityServerConstants.StandardScopes.Profile,
IdentityServerConstants.StandardScopes.Email, // permission to access email claim
},
RequirePkce = true,
AllowPlainTextPkce = false
}
};
and this is my code for client configuration:
.AddOpenIdConnect("OIDC", options =>
{
options.SignInScheme = "cookie";
options.Authority = "http://localhost:5000";
options.RequireHttpsMetadata = false;
options.ClientId = "MVC1";
options.ClientSecret = "MVC1";
options.ResponseType = "code";
options.UsePkce = true;
options.ResponseMode = "query";
options.CallbackPath = "/signin-oidc";
options.Scope.Add("openid");
options.Scope.Add("profile");
options.Scope.Add("email"); // i wants to access but not found in claims list
options.SaveTokens = true;
});
i want to access all the claims configured but i just find SubjectId and not email.
Help Me Please :(
by default you need to be explicit and tell which claims you want from the tokens and user-info endpoint to end up in the user, by adding this to the AddOpenIDConnect options
options.ClaimActions.MapUniqueJsonKey("website", "website");
options.ClaimActions.MapUniqueJsonKey("gender", "gender");
options.ClaimActions.MapUniqueJsonKey("birthdate", "birthdate");
You should also add a IdentityResource definition, because it controls what goes into the ID-Token , like
_identityResources = new List<IdentityResource>()
{
new IdentityResources.OpenId(),
new IdentityResources.Email(),
new IdentityResources.Profile(),
new IdentityResources.Address(),
};
To complement this answer, I wrote a blog post that goes into more detail about this topic: Debugging OpenID Connect claim problems in ASP.NET Core