Hi Dominick,
I have a scenario where a user will be logged in with UserName, password and DivisionId. I want this division id to be part of the JWT, and it can be known only at the time of login.
How can you pass this division id to IdentityServer so that it gets added to the token?
Thanks in advance,
Noufal
The profile service is where you return claims for tokens.
Thanks for your quick reply.
Creating a custom implementation of the profile service will allow me to do my claims transformation from the server end. That's perfect.
But in my case I need to have this division id, which is gathered as part of the login process (a user can occasionally log in / switch to a different division).
Since the division id is not directly correlated, I cannot store the division id along with the user.
Is there any other way to pass the division id / or any claim from the client side itself?
Thanks,
Noufal
Maybe @leastprivilege could make the ProfileService's methods virtual, to allow inheritance and override.
@noufionline any claims you issue as part of the login process will be made available in the claims on the Subject in the profile service's API (assuming the request for tokens is coming thru the front-channel).
@leastprivilege is it possible to pass additional claims in the extra parameter like this?
    var extra = new Dictionary<string, string> { { "divisionId", "1" } };
    var tokenResponse = await tokenClient.RequestResourceOwnerPasswordAsync("userName", "password", "api1", extra);
and somehow get access to the "extra" dictionary parameter passed in RequestResourceOwnerPasswordAsync
    public class CustomProfileService : IProfileService
    {
        public Task GetProfileDataAsync(ProfileDataRequestContext context)
        {
            // Get access to the extra parameter passed in RequestResourceOwnerPasswordAsync
            return Task.CompletedTask;
        }

        public Task IsActiveAsync(IsActiveContext context)
        {
            return Task.CompletedTask;
        }
    }
Found the solution. Thanks.
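    public Task ValidateAsync(ResourceOwnerPasswordValidationContext context)
    {
        // Custom parameter from the raw token request (client-supplied)
        string divisionId = context.Request.Raw["divisionId"];
        // After validating the credential
        // The second argument is the authentication method (OidcConstants is in IdentityModel), not the password
        context.Result = new GrantValidationResult(
            context.UserName,
            OidcConstants.AuthenticationMethods.Password,
            new[] { new Claim("divisionId", divisionId) });
        return Task.CompletedTask;
    }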
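A fuller version of the approach in the solution above, as an added example that is not from the thread or from the IdentityServer project: the validator authorizes the client-supplied divisionId for the authenticated user before turning it into a claim, and a profile service copies that claim from the subject into the token. IDivisionDirectory, DivisionPasswordValidator and DivisionProfileService are hypothetical names assumed for illustration.

```csharp
using System.Security.Claims;
using System.Threading.Tasks;
using IdentityModel;
using IdentityServer4.Models;
using IdentityServer4.Services;
using IdentityServer4.Validation;

// Hypothetical application service, not an IdentityServer type.
public interface IDivisionDirectory
{
    Task<string> ValidateCredentialsAsync(string userName, string password); // subject id or null
    Task<bool> IsMemberAsync(string subjectId, string divisionId);
}

public class DivisionPasswordValidator : IResourceOwnerPasswordValidator
{
    private readonly IDivisionDirectory _directory;
    public DivisionPasswordValidator(IDivisionDirectory directory) => _directory = directory;

    public async Task ValidateAsync(ResourceOwnerPasswordValidationContext context)
    {
        // Fail closed: a bad password and an unauthorized division return the same error.
        context.Result = new GrantValidationResult(TokenRequestErrors.InvalidGrant);
        var subjectId = await _directory.ValidateCredentialsAsync(context.UserName, context.Password);
        if (subjectId == null) return;
        // divisionId is read from the raw token request, so the client controls it:
        // check it against this user's divisions before it becomes a claim.
        var divisionId = context.Request.Raw["divisionId"];
        if (string.IsNullOrWhiteSpace(divisionId)) return;
        if (!await _directory.IsMemberAsync(subjectId, divisionId)) return;
        context.Result = new GrantValidationResult(
            subjectId,
            OidcConstants.AuthenticationMethods.Password, // authentication method, never the password
            new[] { new Claim("divisionId", divisionId) });
    }
}

public class DivisionProfileService : IProfileService
{
    public Task GetProfileDataAsync(ProfileDataRequestContext context)
    {
        // Issue only the claim the validator attached to the subject.
        var division = context.Subject.FindFirst("divisionId");
        if (division != null) context.IssuedClaims.Add(division);
        return Task.CompletedTask;
    }

    // This sketch does no account-state check.
    public Task IsActiveAsync(IsActiveContext context) { context.IsActive = true; return Task.CompletedTask; }
}
```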