asp.net core - IdentityServer4 RequestedClaimTypes is Empty
In the profile service, why is RequestedClaimTypes empty? I am expecting the profile claims to be requested; per this, it should contain the FamilyName and GivenName claim types.
GetIdentityResources

public static IEnumerable<IdentityResource> GetIdentityResources()
{
    return new List<IdentityResource>
    {
        new IdentityResources.OpenId(),
        new IdentityResources.Profile(),
    };
}
Client

new Client
{
    ClientId = "46a0ab4a-1321-4d77-abe5-98f09310df0b",
    ClientName = "TypeScript SPA client",
    RequireClientSecret = false, // if false, public client
    AllowedGrantTypes = GrantTypes.Implicit,
    AllowAccessTokensViaBrowser = true,
    RedirectUris = { "http://localhost:3000/callback" },
    PostLogoutRedirectUris = { "http://localhost:3000/" },
    AllowedCorsOrigins = { "http://localhost:3000" },
    AllowedScopes =
    {
        IdentityServerConstants.StandardScopes.OpenId,
        IdentityServerConstants.StandardScopes.Profile,
    },
    RequireConsent = false,
},
oidc-client configuration (TypeScript)

import { OidcClientSettings, UserManagerSettings } from 'oidc-client';

// Assumed: protocol, hostname and port are taken from the current page location.
const { protocol, hostname, port } = window.location;

const myOidcClientSettings: OidcClientSettings = {
    authority: `${protocol}//${hostname}:5000`,
    client_id: '46a0ab4a-1321-4d77-abe5-98f09310df0b',
    post_logout_redirect_uri: `${protocol}//${hostname}${port ? `:${port}` : ''}/`,
    redirect_uri: `${protocol}//${hostname}${port ? `:${port}` : ''}/callback`,
    response_type: 'id_token token',
    scope: 'openid profile'
};

const myUserManagerSettings: UserManagerSettings = {
    ...myOidcClientSettings,
    automaticSilentRenew: false,
    filterProtocolClaims: true,
    loadUserInfo: true,
    monitorSession: false,
    silent_redirect_uri: `${protocol}//${hostname}${port ? `:${port}` : ''}/callback`,
};
Inside the login POST, add the following claims:

Claim[] claims =
{
    new Claim(JwtClaimTypes.Name, $"{loginResponse.FirstName} {loginResponse.LastName}"),
    new Claim(JwtClaimTypes.Email, loginResponse.EmailAddress),
    new Claim(JwtClaimTypes.PhoneNumber, loginResponse.PhoneNumber),
    new Claim(JwtClaimTypes.FamilyName, loginResponse.LastName),
    new Claim(JwtClaimTypes.GivenName, loginResponse.FirstName),
    //new Claim(JwtClaimTypes.AuthorizationCodeHash, aRequest.Password), // password needed for BFF, cannot be sent to the TypeScript client
};
await HttpContext.Authentication.SignInAsync(subjectId, username, authenticationProperties, claims);
ProfileService

public Task GetProfileDataAsync(ProfileDataRequestContext aProfileDataRequestContext)
{
    Logger.LogDebug("Get profile called {Subject} {Client} {ClaimTypes} because {Caller}",
        aProfileDataRequestContext.Subject.GetSubjectId(),
        aProfileDataRequestContext.Client.ClientName,
        aProfileDataRequestContext.RequestedClaimTypes,
        aProfileDataRequestContext.Caller);

    if (aProfileDataRequestContext.RequestedClaimTypes.Any())
    {
        aProfileDataRequestContext.AddFilteredClaims(aProfileDataRequestContext.Subject.Claims);
    }

    return Task.FromResult(0);
}
The resulting user info profile does not contain the profile items (shortened for readability):

"User Info": {
    "id_token": "eyJhbGciOiJSUzI1N",
    "session_state": "m5uv9nyzvmlwjvpjmx--oopcwaeevesv7ag9zo0svs8.8f757e9a033183149734adb156fbb39d",
    "access_token": "eyJhbGciOiJSUzI1NiIsImtpZCI6",
    "token_type": "Bearer",
    "scope": "openid profile",
    "profile": {
        "sid": "4372a4cbb9938449a39d72db1a9fc6f0",
        "sub": "testdemo12@gmail.com",
        "auth_time": 1505037917,
        "idp": "local",
        "amr": [ "pwd" ]
    },
    "expires_at": 1505042091,
    "state": { "returnurl": "/en-us/test" }
}
It looks like I have to include the following option on the Client:

AlwaysIncludeUserClaimsInIdToken = true

so the client includes the claims in the token.
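As an added example (this is neither the question's nor the answer's code, and not IdentityServer4's own implementation), the C# harness below ties the profile service from the question to the AlwaysIncludeUserClaimsInIdToken fix from the answer. It drives a profile service directly with the two situations the page describes: the ClaimsProviderIdentityToken call arriving with an empty RequestedClaimTypes, and a call that requests the user claims of the "profile" identity resource, which is what the id_token issuer asks for once the option is set (and what the userinfo endpoint asks for anyway). The ExplicitProfileService class, the sample user, the client stub and the RunAsync helper are all constructed here for illustration; ProfileDataRequestContext, IdentityServerConstants.ProfileDataCallers, IdentityResources.Profile and JwtClaimTypes are the real library types. Filtering is written out with LINQ rather than through the context helper so it behaves the same whether the helper is named AddFilteredClaims (IdentityServer4 1.x, as on this page) or AddRequestedClaims (later versions).

```csharp
using System;
using System.Collections.Generic;
using System.Linq;
using System.Security.Claims;
using System.Threading.Tasks;
using IdentityModel;
using IdentityServer4;
using IdentityServer4.Models;
using IdentityServer4.Services;

// Constructed example: a profile service that issues only the subject's
// claims whose types were actually requested by the caller.
public class ExplicitProfileService : IProfileService
{
    public Task GetProfileDataAsync(ProfileDataRequestContext context)
    {
        var requested = new HashSet<string>(context.RequestedClaimTypes, StringComparer.Ordinal);

        // Nothing requested, nothing issued. With response_type "id_token token"
        // this is what the ClaimsProviderIdentityToken caller passes unless the
        // client has AlwaysIncludeUserClaimsInIdToken = true; the claims are then
        // expected to come from the userinfo endpoint instead.
        if (requested.Count == 0)
        {
            return Task.CompletedTask;
        }

        context.IssuedClaims.AddRange(
            context.Subject.Claims.Where(c => requested.Contains(c.Type)));
        return Task.CompletedTask;
    }

    public Task IsActiveAsync(IsActiveContext context)
    {
        context.IsActive = true; // no account-status check in this illustration
        return Task.CompletedTask;
    }
}

public static class ProfileServiceDemo
{
    // Constructed sample user, standing in for the principal created by the login POST.
    private static ClaimsPrincipal SampleUser() => new ClaimsPrincipal(new ClaimsIdentity(new[]
    {
        new Claim(JwtClaimTypes.Subject, "testdemo12@example.com"),
        new Claim(JwtClaimTypes.Name, "Test Demo"),
        new Claim(JwtClaimTypes.GivenName, "Test"),
        new Claim(JwtClaimTypes.FamilyName, "Demo"),
        new Claim(JwtClaimTypes.Email, "testdemo12@example.com"),
    }, "pwd"));

    // Hypothetical helper: builds the context IdentityServer4 would hand to the
    // profile service for the given caller and requested claim types, runs the
    // service, and returns what it issued.
    public static async Task<IReadOnlyList<Claim>> RunAsync(IEnumerable<string> requestedClaimTypes, string caller)
    {
        var client = new Client { ClientId = "spa-client", ClientName = "TypeScript SPA client" };
        var context = new ProfileDataRequestContext(SampleUser(), client, caller, requestedClaimTypes);
        await new ExplicitProfileService().GetProfileDataAsync(context);
        return context.IssuedClaims;
    }

    public static async Task Main()
    {
        // 1. The situation observed in the question: the id_token claims provider
        //    calls with an empty RequestedClaimTypes, so the profile service issues nothing.
        var none = await RunAsync(
            Enumerable.Empty<string>(),
            IdentityServerConstants.ProfileDataCallers.ClaimsProviderIdentityToken);
        Console.WriteLine($"id_token caller, nothing requested: {none.Count} claims issued");

        // 2. The user claims of the "profile" identity resource are requested. This is
        //    what the userinfo endpoint requests for an access token with scope "profile",
        //    and what the id_token caller requests once AlwaysIncludeUserClaimsInIdToken = true.
        var profileClaimTypes = new IdentityResources.Profile().UserClaims;
        var issued = await RunAsync(
            profileClaimTypes,
            IdentityServerConstants.ProfileDataCallers.UserInfoEndpoint);
        Console.WriteLine("profile claim types requested: " +
            string.Join(", ", issued.Select(c => $"{c.Type}={c.Value}")));
    }
}
```

The second run issues only the sample user's name, given_name and family_name claims; the email claim is held back because it belongs to the "email" identity resource, not to "profile", which is the filtering the question's `RequestedClaimTypes.Any()` guard is relying on. The documented purpose of AlwaysIncludeUserClaimsInIdToken is to put the user claims into the id_token when a client requests both an id_token and an access token, instead of leaving the client to fetch them from the userinfo endpoint. The trade-off to keep in mind is that with the implicit flow on this page the id_token travels through the browser in the redirect fragment, so every claim added to it is also exposed there; keep the identity resources a client is allowed to request to the minimum it needs.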