Search code examples
c#asp.net-coreauthenticationoauth-2.0identityserver4

How to get all claims of a user?

I am new in IdentityServer4 and i have a simple login configuration. Here is my user Test User:

return new List<TestUser> {
    new TestUser {
       SubjectId = "5BE86359-073C-434B-AD2D-A3932222DABE", // just get this in claims list
       Username = "name",
       Password = "password",
       Claims = new List<Claim> {
           new Claim(ClaimTypes.Email, "[email protected]") // not found
       }
      }
     };

I also have a client:

return new List<Client>
            {
                new Client
                {
                    ClientId = "MVC1",
                    ClientName = "This is my MVC1",
                    ClientSecrets = new List<Secret> {new Secret("MVC1".Sha256())}, // change me!
    
                    AllowedGrantTypes = GrantTypes.Code,
                    RedirectUris = new List<string> {"http://localhost:7573/signin-oidc"},
                    AllowedScopes = new List<string>
                    {
                        IdentityServerConstants.StandardScopes.OpenId,
                        IdentityServerConstants.StandardScopes.Profile,
                        IdentityServerConstants.StandardScopes.Email, // permission to access email claim
                    },

                    RequirePkce = true,
                    AllowPlainTextPkce = false
            }
};

and this is my code for client configuration:

.AddOpenIdConnect("OIDC", options =>
                {
                    options.SignInScheme = "cookie";

                    options.Authority = "http://localhost:5000";
                    options.RequireHttpsMetadata = false;

                    options.ClientId = "MVC1";
                    options.ClientSecret = "MVC1";

                    options.ResponseType = "code";
                    options.UsePkce = true;

                    options.ResponseMode = "query";

                    options.CallbackPath = "/signin-oidc";
                    
                    options.Scope.Add("openid");
                    options.Scope.Add("profile");
                    options.Scope.Add("email"); // i wants to access but not found in claims list

                    options.SaveTokens = true;
                });

i want to access all the claims configured but i just find SubjectId and not email. enter image description here

Help Me Please :(

Solution

  • by default you need to be explicit and tell which claims you want from the tokens and user-info endpoint to end up in the user, by adding this to the AddOpenIDConnect options

    options.ClaimActions.MapUniqueJsonKey("website", "website");
options.ClaimActions.MapUniqueJsonKey("gender", "gender");
options.ClaimActions.MapUniqueJsonKey("birthdate", "birthdate");

    You should also add a IdentityResource definition, because it controls what goes into the ID-Token , like

            _identityResources = new List<IdentityResource>()
        {
            new IdentityResources.OpenId(),
            new IdentityResources.Email(),
            new IdentityResources.Profile(),
            new IdentityResources.Address(),
        };

    To complement this answer, I wrote a blog post that goes into more detail about this topic: Debugging OpenID Connect claim problems in ASP.NET Core