I have created my own ProfileService concrete, based on the built in one.
in GetProfileDataAsync(), context.RequestedClaimTypes does not include any related claims from IdentityResourceClaims table, but it does have the IdentityResource from the specified scopes in context.RequestedResources.ParsedScopes. I would think the claims associated with those scopes should be included in RequestedClaimTypes, otherwise is there any way to get these from the context? Or would I need to do my own db query?
Is this example - "app_perms" is the scope (identity resource) and "app" is the related claim (in the IdentityResourceClaims table)
protected virtual async Task GetProfileDataAsync(ProfileDataRequestContext context, IdentityUser user)
{
// since not including claims for IdentityResource scopes, need to check the scope
if (context.RequestedResources.ParsedScopes.Any(x => x.ParsedName == "app_perms") || context.RequestedClaimTypes.Contains("app"))
{
// add some test app claims
context.IssuedClaims.Add(new Claim("app", "App1"));
context.IssuedClaims.Add(new Claim("app", "App2"));
}
}
Actually they can be found here: context.RequestedResources.Resources.IdentityResources.Any(x => x.UserClaims.ContainsIgnoreCaseTrim("role"))