Tags: asp.net-identity, identityserver4

claims not found on client side


I have implemented an IDS4 client. Here is the code to register the client on IDS4 in config.cs:

```csharp
new Client
{
    ClientId = "HR.WebClient",
    ClientName = "HR Module Web Client",
    ClientSecrets = { new Secret("****".Sha256()) },

    AllowedGrantTypes = GrantTypes.Code,
    // client claims (Client.Claims) are always put into the access_token
    AlwaysSendClientClaims = true,
    // identity-scope user claims go into the id_token instead of only the userinfo response
    AlwaysIncludeUserClaimsInIdToken = true,

    // removed some code for brevity

    AllowOfflineAccess = true,
    RequireConsent = false,

    // removed some code for brevity
},
```

And here is an extension method I am using to configure my client in the startup.cs of my client app:

```csharp
using Microsoft.AspNetCore.Authorization;
using Microsoft.Extensions.Configuration;
using Microsoft.Extensions.DependencyInjection;

// hosting static class assumed; the post shows only the extension method
public static class AuthenticationExtensions
{
    public static void AddCustomAuthentication(this IServiceCollection services, IConfiguration Configuration)
    {
        services.AddAuthentication(options =>
        {
            options.DefaultScheme = "Cookies";
            options.DefaultChallengeScheme = "oidc";
        })
        .AddCookie(options =>
        {
            options.Cookie.Name = $"{Configuration["ClientId"]}.Cookie";
        })
        .AddOpenIdConnect("oidc", options =>
        {
            options.Authority = Configuration["IdentityServerUri"];
            options.SignInScheme = "Cookies";

            options.ClientId = Configuration["ClientId"];
            options.ClientSecret = Configuration["ClientSecret"];
            options.ResponseType = "code";

            // keep id_token / access_token / refresh_token in the authentication cookie
            options.SaveTokens = true;

            // get claims: after sign-in, call the userinfo endpoint and merge its claims
            options.GetClaimsFromUserInfoEndpoint = true;

            // removed some code for brevity
        });

        // policy requiring an authenticated user; not applied anywhere in this snippet
        var policy = new AuthorizationPolicyBuilder()
            .RequireAuthenticatedUser()
            .Build();
    }
}
```

PROBLEM

I have written some server-side logic to add claims at run time. I can also see those claims on the server application side.

But I am unable to see any claims on the client side.


What am I missing?

Update

Here is a sample of my id_token and access_token:



Solution

  • Thanks to the input from Tore I was able to realize my ignorance. I was completely unaware of the fact that we can extend Identity Server with an implementation of IProfileService. I was able to add custom claims to the access_token by implementing ProfileService.
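An IProfileService implementation along the lines of the solution above, added here as an example (not the poster's code); HrProfileService, the "department" claim and the UserManager<IdentityUser> lookup are assumptions.

```csharp
using System.Collections.Generic;
using System.Security.Claims;
using System.Threading.Tasks;
using IdentityServer4.Extensions;
using IdentityServer4.Models;
using IdentityServer4.Services;
using Microsoft.AspNetCore.Identity;

// Added example, not the poster's code. HrProfileService, the "department" claim
// and the UserManager<IdentityUser> lookup are assumptions.
public class HrProfileService : IProfileService
{
    private readonly UserManager<IdentityUser> _userManager;

    public HrProfileService(UserManager<IdentityUser> userManager)
    {
        _userManager = userManager;
    }

    // IDS4 calls this once for the id_token, once for the access_token and once per
    // userinfo request; context.Caller says which. Nothing reaches a token unless it
    // is put into context.IssuedClaims here.
    public async Task GetProfileDataAsync(ProfileDataRequestContext context)
    {
        var user = await _userManager.FindByIdAsync(context.Subject.GetSubjectId());
        if (user == null) return;

        var claims = new List<Claim>
        {
            new Claim("preferred_username", user.UserName),
            new Claim("department", "HR"), // constructed value; read it from your store
        };

        // AddRequestedClaims keeps only the claim types the granted scopes declare
        // (IdentityResource.UserClaims for id_token/userinfo, ApiScope.UserClaims for the
        // access_token); adding to context.IssuedClaims directly bypasses that filter.
        context.AddRequestedClaims(claims);
    }

    // IDS4 consults this before issuing tokens; a false result stops token issuance
    // (for example for a locked-out or deleted account).
    public async Task IsActiveAsync(IsActiveContext context)
    {
        var user = await _userManager.FindByIdAsync(context.Subject.GetSubjectId());
        context.IsActive = user != null && !await _userManager.IsLockedOutAsync(user);
    }
}
// Registration in the IdentityServer host's Startup, after AddAspNetIdentity so it
// replaces the default service: services.AddIdentityServer()....AddProfileService<HrProfileService>();
```

If a claim still does not appear after this, check that its type is listed in the UserClaims of the identity resource (id_token, userinfo) or API scope (access_token) the client requests.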