asp.net core - IdentityServer4 RequestedClaimTypes is Empty


In the profile service, why is RequestedClaimTypes empty? I am expecting the profile claims to be requested. Per this, it should contain the family name and given name claim types.

GetIdentityResources

    // Needs: using System.Collections.Generic; using IdentityServer4.Models;
    public static IEnumerable<IdentityResource> GetIdentityResources()
    {
        return new List<IdentityResource>
        {
            new IdentityResources.OpenId(),
            new IdentityResources.Profile(),
        };
    }

Client

    new Client
    {
        ClientId = "46a0ab4a-1321-4d77-abe5-98f09310df0b",
        ClientName = "typescript spa client",
        RequireClientSecret = false, // if false, this is a public client
        AllowedGrantTypes = GrantTypes.Implicit,
        AllowAccessTokensViaBrowser = true,

        RedirectUris = { "http://localhost:3000/callback" },
        PostLogoutRedirectUris = { "http://localhost:3000/" },
        AllowedCorsOrigins = { "http://localhost:3000" },

        AllowedScopes =
        {
            IdentityServerConstants.StandardScopes.OpenId,
            IdentityServerConstants.StandardScopes.Profile,
        },

        RequireConsent = false,
    },

oidc-client configuration (TypeScript)

    import { OidcClientSettings, UserManagerSettings } from 'oidc-client';

    // Assumed: protocol, hostname and port come from the page's location.
    const { protocol, hostname, port } = window.location;

    const myOidcClientSettings: OidcClientSettings = {
      authority: `${protocol}//${hostname}:5000`,
      client_id: '46a0ab4a-1321-4d77-abe5-98f09310df0b',
      post_logout_redirect_uri: `${protocol}//${hostname}${port ? `:${port}` : ''}/`,
      redirect_uri: `${protocol}//${hostname}${port ? `:${port}` : ''}/callback`,
      response_type: 'id_token token',
      scope: 'openid profile'
    };

    const myUserManagerSettings: UserManagerSettings = {
      ...myOidcClientSettings,
      automaticSilentRenew: false,
      filterProtocolClaims: true,
      loadUserInfo: true,
      monitorSession: false,
      silent_redirect_uri: `${protocol}//${hostname}${port ? `:${port}` : ''}/callback`,
    };

Inside the login POST I add the following claims:

    Claim[] claims =
    {
        new Claim(JwtClaimTypes.Name, $"{loginResponse.FirstName} {loginResponse.LastName}"),
        new Claim(JwtClaimTypes.Email, loginResponse.EmailAddress),
        new Claim(JwtClaimTypes.PhoneNumber, loginResponse.PhoneNumber),
        new Claim(JwtClaimTypes.FamilyName, loginResponse.LastName),
        new Claim(JwtClaimTypes.GivenName, loginResponse.FirstName),
        //new Claim(JwtClaimTypes.AuthorizationCodeHash, aRequest.Password), // password is needed by the BFF; it cannot be sent to the TypeScript client
    };

    // Issue the authentication cookie with the claims attached to the subject.
    await HttpContext.Authentication.SignInAsync(subjectId, username, authenticationProperties, claims);

ProfileService

    public Task GetProfileDataAsync(ProfileDataRequestContext aProfileDataRequestContext)
    {
        logger.LogDebug("get profile called {subject} {client} {claimtypes} because {caller}",
            aProfileDataRequestContext.Subject.GetSubjectId(),
            aProfileDataRequestContext.Client.ClientName,
            aProfileDataRequestContext.RequestedClaimTypes,
            aProfileDataRequestContext.Caller);

        // Only issue claims when the caller actually requested some claim types.
        if (aProfileDataRequestContext.RequestedClaimTypes.Any())
        {
            aProfileDataRequestContext.AddFilteredClaims(aProfileDataRequestContext.Subject.Claims);
        }

        return Task.FromResult(0);
    }

The resulting user info profile does not contain the profile items (shortened for readability):

    "user info": {
      "id_token": "eyjhbgcioijsuzi1n",
      "session_state": "m5uv9nyzvmlwjvpjmx--oopcwaeevesv7ag9zo0svs8.8f757e9a033183149734adb156fbb39d",
      "access_token": "eyjhbgcioijsuzi1niisimtpzci6",
      "token_type": "bearer",
      "scope": "openid profile",
      "profile": {
        "sid": "4372a4cbb9938449a39d72db1a9fc6f0",
        "sub": "testdemo12@gmail.com",
        "auth_time": 1505037917,
        "idp": "local",
        "amr": [
          "pwd"
        ]
      },
      "expires_at": 1505042091,
      "state": {
        "returnurl": "/en-us/test"
      }
    }

It looks like you have to include the following option on the client,

    AlwaysIncludeUserClaimsInIdToken = true

so that the client includes the claims in the token.
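
A quick way to confirm the effect of that setting, as an added example that is not part of the original post: this Node.js script decodes an id_token payload and reports which of the profile claims issued by the login code are present. The function names and the sample tokens are constructed for illustration, and the signature is deliberately not verified.

```javascript
// Added diagnostic, not from the original post. Decodes the id_token payload
// WITHOUT verifying the signature: for inspection only, never for authorization.

// Profile-scope claims that the page's login code issues.
const EXPECTED_PROFILE_CLAIMS = ['name', 'given_name', 'family_name'];

// Decode the payload (middle segment) of a compact JWT.
function decodeIdTokenPayload(idToken) {
  const parts = String(idToken).split('.');
  if (parts.length !== 3) {
    throw new Error('not a compact JWT: expected header.payload.signature');
  }
  // Node's 'base64' decoder also accepts the URL-safe alphabet that JWTs use.
  const payload = JSON.parse(Buffer.from(parts[1], 'base64').toString('utf8'));
  if (payload === null || typeof payload !== 'object' || Array.isArray(payload)) {
    throw new Error('JWT payload is not a JSON object');
  }
  return payload;
}

// Report which expected claim types the token carries and which it lacks.
function checkProfileClaims(idToken, expected = EXPECTED_PROFILE_CLAIMS) {
  const payload = decodeIdTokenPayload(idToken);
  const has = (claim) => Object.prototype.hasOwnProperty.call(payload, claim);
  return {
    present: expected.filter(has),
    missing: expected.filter((claim) => !has(claim)),
  };
}

// Constructed sample data: unsigned tokens with a dummy signature segment.
function makeSampleToken(payload) {
  const enc = (obj) => Buffer.from(JSON.stringify(obj), 'utf8').toString('base64')
    .replace(/\+/g, '-').replace(/\//g, '_').replace(/=+$/, '');
  return `${enc({ alg: 'RS256', typ: 'JWT' })}.${enc(payload)}.dummy-signature`;
}

// Protocol claims only, the shape of the "profile" object shown in the question.
const protocolClaims = { sid: 'constructed-sid', sub: 'user@example.com', auth_time: 1500000000, idp: 'local', amr: ['pwd'] };
const tokenWithoutProfile = makeSampleToken(protocolClaims);
const tokenWithProfile = makeSampleToken({
  ...protocolClaims, name: 'Test User', given_name: 'Test', family_name: 'User',
});

console.log('before:', checkProfileClaims(tokenWithoutProfile));
console.log('after: ', checkProfileClaims(tokenWithProfile));
```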

