Identityserver4: IdentityServer on Core 2.0 - Claims from ProfileService are lost

Created on 6 Oct 2017 · 8Comments · Source: IdentityServer/IdentityServer4

I started some tests with the yesterday released identityserver for aspcore 2.0

I extended the QuickStarter hybrid sample with the following test profile service.

I register the profileservice and I can see that GetProfileDataAsync is called and claims are added to the IssuedClaims list.

But when looking at the claims in the mvc client all claims that were added are missing on the client side.

I checked it in the Controller of the "Secure" page.

If I remember right, in the previous versions creating the profile service was everything I needed to do when GetClaimsFromUserInfoEndpoint is set to true in the client.

what am I missing?

Test Profile Service
```
public class ProfileService : IProfileService
{
public Task GetProfileDataAsync(ProfileDataRequestContext context)
{
//Extend here for custom data and claims like email from user database
context.IssuedClaims.Add(new Claim(ClaimValueTypes.String, "[email protected]"));
context.IssuedClaims.Add(new Claim("MyClaim", "a"));

        return Task.CompletedTask;
    }

    public Task IsActiveAsync(IsActiveContext context)
    {
        context.IsActive = true;
        return Task.FromResult(true);
    }
}


Client Configuration

services.AddAuthentication(options =>
{
options.DefaultScheme = "Cookies";
options.DefaultChallengeScheme = "oidc";
})
.AddCookie("Cookies")
.AddOpenIdConnect("oidc", options =>
{
options.SignInScheme = "Cookies";

                options.Authority = "http://localhost:5000";
                options.RequireHttpsMetadata = false;

                options.ClientId = "mvc";
                options.ClientSecret = "secret";
                options.ResponseType = "code id_token";

                options.SaveTokens = true;
                options.GetClaimsFromUserInfoEndpoint = true;

                options.Scope.Add("api1");
                options.Scope.Add("offline_access");
            });
    }

```

question

Source

BoasE

Most helpful comment

Ok, glad you sorted it out. I just pushed an integration test to show that custom profile services are working properly: https://github.com/IdentityServer/IdentityServer4/commit/1ce9d2d973954bd4ae43e782c37e33c88153b1f6

brockallen on 6 Oct 2017

👍4

All 8 comments

check the raw token first (https://jwt.io).

leastprivilege on 6 Oct 2017

Also - if claims from userinfo seem to be missing. There is a new way to map them in the MS handler in the client. Check the events they have and also have a look at the new ClaimsActions.

leastprivilege on 6 Oct 2017

thx for the hint ill check the token. which events do you mean exactly?

BoasE on 6 Oct 2017

In the Token I can't see my claims

here the body.

ill checked the token in the OnTokenResponseReceived and OnTokenValidated events both same result


{
  "nbf": 1507291397,
  "exp": 1507291697,
  "iss": "http://localhost:5000",
  "aud": "mvc",
  "nonce": "636428881921830890.OTA5Y2I4YTYtZDQwZi00NzRlLTg5NDctMjUyZjU0MjkyMzY4ZmFiMTliYzYtZmQxNS00OGZlLTllNmMtYzA0ZGM1NmNiYzc1",
  "iat": 1507291397,
  "c_hash": "GFeK1HBOh07iT5v-d42Teg",
  "sid": "e2e8907e82d8bd5e58380754ace19efb",
  "sub": "f4f46aa5488f3c803723b7d6cb1761b05f164590ae50df93bf36c508af0e5a2a",
  "auth_time": 1507291397,
  "idp": "Google",
  "amr": [
    "external"
  ]
}

BoasE on 6 Oct 2017

To isolate the problem i took freshly the mention quickstarter guide. There its the same behavior.

Code-Steps: