There are two applications:
Initially I had only authorization logic implemented, using the following code:
serviceCollection
.AddAuthentication(options =>
{
options.DefaultScheme = JwtBearerDefaults.AuthenticationScheme;
options.DefaultChallengeScheme = JwtBearerDefaults.AuthenticationScheme;
})
.AddJwtBearer(options =>
{
options.Audience = clientId;
options.Authority = authority;
});
I set [AuthorizeAttribute] for my controller and the authorization logic worked fine. Now I need to get information about user in my controller. For this I would like to use OpenID info. I modified my code by adding OpenID connect:
serviceCollection
.AddAuthentication(options =>
{
options.DefaultScheme = JwtBearerDefaults.AuthenticationScheme;
options.DefaultChallengeScheme = JwtBearerDefaults.AuthenticationScheme;
})
.AddJwtBearer(options =>
{
options.Audience = clientId;
options.Authority = authority;
})
.AddOpenIdConnect(options =>
{
options.ClientId = clientId;
options.Authority = authority;
options.GetClaimsFromUserInfoEndpoint = true;
});
But I still see only access_token claims in my controller (User.Identity). What have I missed?
You have two options.
you could add the desired claims to the access token (In the ApiScope or ApiResources) and then access then through the AddJwtBearer in the API.
Alternatively, you can take the access-token and sent it to the token introspection endpoint, from the response you can get more details about the user. You can also manually call the userinfo endpoint using the access token. However, AddJWtBearer won't call these endpoints for you. The helper classes in IdentityModel can help you to do that.
Adding AddOpenIdConnect to the API, just to get the user details is the wrong approach.
To complement this answer, I wrote a blog post that goes into more detail about this topic: Debugging OpenID Connect claim problems in ASP.NET Core