I’m using below code to create a ClaimIdentity in OpenIdConnectServerProvider.AuthorizationProvider. But the identity.Name is not searlized. How to allow the OpenIdConnectServer serarlize the name? Thanks.
The previous question is here How to create a ClaimIdentity in asp.net 5
var user = await userManager.FindByNameAsync(context.UserName); var factory = context.HttpContext.RequestServices.GetRequiredService<IUserClaimsPrincipalFactory<ApplicationUser>>(); var identity = await factory.CreateAsync(user); context.Validated(new ClaimsPrincipal(identity));
Answers:
Thank you for visiting the Q&A section on Magenaut. Please note that all the answers may not help you solve the issue immediately. So please treat them as advisements. If you found the post helpful (or not), leave a comment & I’ll get back to you as soon as possible.
Method 1
To avoid leaking confidential data, AspNet.Security.OpenIdConnect.Server refuses to serialize the claims that don’t explicitly specify a destination.
To serialize the name (or any other claim), you can use the .SetDestinations extension:
var principal = await factory.CreateAsync(user);
var name = principal.FindFirst(ClaimTypes.Name);
if (name != null) {
// Use "id_token" to serialize the claim in the identity token or "access_token"
// to serialize it in the access token. You can also specify both destinations.
name.SetDestinations(OpenIdConnectConstants.Destinations.AccessToken,
OpenIdConnectConstants.Destinations.IdentityToken);
}
context.Validate(principal);
When adding a claim, you can also use the AddClaim extension taking a destinations parameter:
identity.AddClaim(ClaimTypes.Name, "Pinpoint",
OpenIdConnectConstants.Destinations.AccessToken,
OpenIdConnectConstants.Destinations.IdentityToken);
All methods was sourced from stackoverflow.com or stackexchange.com, is licensed under cc by-sa 2.5, cc by-sa 3.0 and cc by-sa 4.0