This repository has been archived by the owner on Sep 18, 2021. It is now read-only.

Getting Custom Claims? #389

Closed
donmiller714 opened this issue Sep 27, 2014 · 1 comment

@donmiller714

Security novice here trying to get my head around IdentityServer.v3 and IdentityManager. I've searched this site for all issues about "claims" but haven't found what I think I'm looking for -- apologies for double posting if this has been asked already.

I’ve learned from the videos that in an MVC-app-hosted-in-Azure scenario I’d likely want to use CodeFlow as the type of client authentication. Assuming that’s correct…

I want to use IdentityServer.v3 with the ASP.Net Identity store to authenticate my users and provide (custom?) claims that tell the app what their tenant ID is, as well as an Azure account Id or a shared access signature code (haven’t decided which yet). I also want to use IdentityManager (with ASP.Net Identity back end) to manage user accounts.

I’ve pulled down the samples for both IdentityServer and IdentityManager using the ASP.Net Identity storage. I created a user and a claim using the IdentityManager, but I don’t know how to get the claim back out. I added a new Scope in Scopes.cs in the IdentityServer, and that seems to work in that I can specify my new scope using the MVC CodeFlowClient Manual sample project and it doesn’t blow up, but the decoded identity token looks the same regardless. I also added a Claims collection to my new scope, but frankly I don’t know what I’m doing at this point so it's no surprise that I didn't get what I wanted from that either.

This is the scope I added to the IdentityServer sample:
```csharp
// Requires: using System.Collections.Generic; (for List<T>)
new Scope
{
    Name = "tenantid",
    DisplayName = "Tenant Id",
    Type = ScopeType.Resource,
    Emphasize = true,
    // Claims associated with this scope
    Claims = new List<ScopeClaim>
    {
        new ScopeClaim
        {
            AlwaysIncludeInIdToken = true,
            Name = Constants.ClaimTypes.ClientId,
            Description = "subject identifier"
        }
    }
}
```

This is probably pretty easy and again apologies for being lame. Thanks!

@donmiller714

Ok, I've gotten a little further today and discovered that the IdentityServer is actually reading the custom claims I added through IdentityManager, but they're not getting passed back to the client. When the client decodes the identity token only certain claims are present. I decided to use one of the already defined claims, ClientID, thinking that one would get built and returned back but it doesn't. Also found that the version of IdentityServer used in the AspNetIdentity sample isn't quite the same as the code posted online. Closing this question for now.
