How to add phone number claim on IdentityServer4

I am using an IdentityServer4 IDP with a Blazor client. In a Razor component I have:

[CascadingParameter]
public Task<AuthenticationState> AuthenticationStateTask { get; set; }

async Task GetClaims()
{
    var claims = (await AuthenticationStateTask).User.Claims;
}

This gives me a total of 9 claims including sub, name, preferred_name, amr, email, email_verified etc. I also want to get the phone number here, but it is not present even though I add the phone scope in the IDP config as follows:

public static IEnumerable<IdentityResource> Ids =>
    new IdentityResource[]
    {
        new IdentityResources.OpenId(), // sub
        new IdentityResources.Profile(), // givenName, familyName ..
        new IdentityResources.Email(),
        new IdentityResources.Phone()
    };

and in the Client object:

AllowedScopes = {
    IdentityServerConstants.StandardScopes.OpenId,
    IdentityServerConstants.StandardScopes.Profile,
    IdentityServerConstants.StandardScopes.Email,
    IdentityServerConstants.StandardScopes.Phone,
    "exampleapi" },

Doesn’t this mean that the phone number should be in the identity token? What should I do to get the phone number?

Also, what is the best way to send a phoneNumberUpdate request?

Answers:


Method 1

The spec says:

The Claims requested by the profile, email, address, and phone scope
values are returned from the UserInfo Endpoint, as described in
Section 5.3.2, when a response_type value is used that results in an
Access Token being issued. However, when no Access Token is issued
(which is the case for the response_type value id_token), the
resulting Claims are returned in the ID Token.

See UserInfo Endpoint.
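
An added example, not part of the original answers: reading phone_number from the UserInfo endpoint that the quoted spec text refers to, using the IdentityModel client library. The class name PhoneClaimReader, the authority URL, and how the caller obtains the access token and the ID token's sub are assumptions.

```csharp
// Added example (not from the original answers). Requires the IdentityModel NuGet package.
using System;
using System.Linq;
using System.Net.Http;
using System.Threading.Tasks;
using IdentityModel;
using IdentityModel.Client;

public sealed class PhoneClaimReader // hypothetical helper name
{
    private readonly HttpClient _http;
    private readonly string _authority; // assumption: base URL of your IdentityServer4 instance

    public PhoneClaimReader(HttpClient http, string authority)
    {
        _http = http;
        _authority = authority;
    }

    // accessToken: a token issued for a request that included the openid and phone scopes.
    // idTokenSub:  the "sub" claim taken from the already validated ID token.
    public async Task<string> GetPhoneNumberAsync(string accessToken, string idTokenSub)
    {
        var disco = await _http.GetDiscoveryDocumentAsync(_authority);
        if (disco.IsError)
            throw new InvalidOperationException($"Discovery failed: {disco.Error}");

        var userInfo = await _http.GetUserInfoAsync(new UserInfoRequest
        {
            Address = disco.UserInfoEndpoint,
            Token = accessToken
        });
        if (userInfo.IsError)
            throw new InvalidOperationException($"UserInfo failed: {userInfo.Error}");

        // OIDC Core 5.3.2: the UserInfo response must not be used unless its sub
        // exactly matches the sub of the ID token.
        var sub = userInfo.Claims.FirstOrDefault(c => c.Type == JwtClaimTypes.Subject)?.Value;
        if (!string.Equals(sub, idTokenSub, StringComparison.Ordinal))
            throw new InvalidOperationException("UserInfo sub does not match ID token sub.");

        // Null means the phone scope was not granted or the user has no phone_number stored.
        return userInfo.Claims.FirstOrDefault(c => c.Type == JwtClaimTypes.PhoneNumber)?.Value;
    }
}
```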

Method 2

The client's OIDC service registration also needs to be configured to ask for the phone scope:

builder.Services.AddOidcAuthentication(options =>
{
    //...
    options.ProviderOptions.DefaultScopes.Add("phone");
    //...
});


All methods were sourced from stackoverflow.com or stackexchange.com and are licensed under CC BY-SA 2.5, CC BY-SA 3.0 and CC BY-SA 4.0.
