Identityserver4: How, when using ASP.NET Identity, can I add custom claims to access tokens obtained via extension grants?

Created on 1 Jul 2017 · 11 Comments · Source: IdentityServer/IdentityServer4

  • [x] I read and understood how to enable logging

Issue / Steps to reproduce the problem

I have been using ASP.NET identity in my IdentityServer4 project like

builder.AddAspNetIdentity<ApplicationUser>()

in order to facilitate the Authorization Code/Implicit/Hybrid authentication flows. However, when I wanted to add an extension grant flow, I found that I could not include extra claims within the access token:

context.Result = new GrantValidationResult("alice", "some", new Claim[] { new Claim("a", "b") });
// HTTP 500

Relevant parts of the log file

crit: IdentityServer4.Hosting.IdentityServerMiddleware[0]
      Unhandled exception: System.ArgumentNullException...

All 11 comments

Extra claims in the access token should be obtained in the profile service.

Thanks.

May I use multiple profile services within the same application?

May I use multiple profile services within the same application?

No, we only take a dependency on a single one. If you have multiple DBs, then multiplex from within the one.

@brockallen that would be too bad.

So, how could I mix up all those different profile services and inject them into a single one?

And since I would have no access to previously injected instances of the same type, this problem seems more severe to me:

https://github.com/aspnet/DependencyInjection/issues/540 and https://github.com/aspnet/DependencyInjection/issues/340

Inspired by: https://github.com/IdentityServer/IdentityServer4/blob/3bcf55337fe91db2c7fcb6333cf811ec5b6a223e/src/IdentityServer4/Configuration/DependencyInjection/BuilderExtensions/Core.cs

Now:

public static IIdentityServerBuilder ReplaceProfileService<T>(this IIdentityServerBuilder builder)
    where T : IProfileService
{
    // Find the descriptor of the profile service that is already registered (T),
    // e.g. the one added by AddAspNetIdentity, and take it out of the container.
    var type = typeof(T);
    var service = builder.Services.First(s => s.ImplementationType == type);
    builder.Services.Remove(service);
    // Register the wrapper as the single IProfileService IdentityServer resolves...
    builder.Services.Add(new ServiceDescriptor(typeof(IProfileService),
        typeof(MyProfileService<T>), ServiceLifetime.Transient));
    // ...and re-register T under its own type so the wrapper can take it as a dependency.
    builder.Services.Add(new ServiceDescriptor(type, type, ServiceLifetime.Transient));
    return builder;
}

Seems good.

Finally two questions: why are custom claim fields not included in the access token? How could I include them?

Look at the UserClaims on the ApiResource and Scope models. Then you'd need to include them from the custom profile service.
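Putting the two answers together, here is an added example (not code from the thread or from IdentityServer4) of a decorating profile service that would fit the `ReplaceProfileService<T>` helper above: it lets the inner ASP.NET Identity profile service run first, then copies the extension grant's claims from the subject into the access token, but only the claim types listed in `UserClaims` on the API resource. The class name `MyProfileService<TInner>`, the claim type `a` and the resource `api1` are assumptions taken from the thread's snippets; the inner service is still invoked, so the subject must be one it can resolve.

```csharp
using System.Collections.Generic;
using System.Linq;
using System.Security.Claims;
using System.Threading.Tasks;
using IdentityServer4.Models;
using IdentityServer4.Services;

// Hypothetical decorator: TInner is the profile service that was already registered
// (the one from AddAspNetIdentity) and is resolved from DI because the helper above
// re-registers it under its own type.
public class MyProfileService<TInner> : IProfileService where TInner : IProfileService
{
    private readonly TInner _inner;

    public MyProfileService(TInner inner) => _inner = inner;

    public async Task GetProfileDataAsync(ProfileDataRequestContext context)
    {
        // Let the ASP.NET Identity profile service issue its own claims first.
        await _inner.GetProfileDataAsync(context);

        // RequestedClaimTypes is the union of UserClaims on the ApiResources (and scopes)
        // the token is issued for; anything not listed there must not be added.
        var requested = new HashSet<string>(context.RequestedClaimTypes ?? Enumerable.Empty<string>());
        var alreadyIssued = new HashSet<string>(context.IssuedClaims.Select(c => c.Type));

        // The claims handed to GrantValidationResult by the extension grant validator
        // are carried on context.Subject; copy over only the requested, not-yet-issued ones.
        var extra = context.Subject.Claims
            .Where(c => requested.Contains(c.Type) && !alreadyIssued.Contains(c.Type));
        context.IssuedClaims.AddRange(extra);
    }

    public Task IsActiveAsync(IsActiveContext context) => _inner.IsActiveAsync(context);
}

// Without the claim type on the API resource it is never requested, so the filter
// above (correctly) drops it. "api1" and "a" are constructed sample values.
public static class Resources
{
    public static IEnumerable<ApiResource> GetApis() => new[]
    {
        new ApiResource("api1", "Some API") { UserClaims = { "a" } }
    };
}
```

Register it with `builder.ReplaceProfileService<ProfileService<ApplicationUser>>()` after `AddAspNetIdentity<ApplicationUser>()`; the extension grant's `Claim("a", "b")` then appears in access tokens scoped to `api1`.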

This thread has been automatically locked since there has not been any recent activity after it was closed. Please open a new issue for related bugs.
