Identityserver4: Question: "name" claim missing in protected API and identity name is null (ASP.NET Core)

Created on 3 Nov 2017 · 4 Comments · Source: IdentityServer/IdentityServer4

I have in Startup.cs:

        services.AddAuthentication(IdentityServerAuthenticationDefaults.AuthenticationScheme)
            .AddIdentityServerAuthentication(options =>
            {
                options.Authority = "http://localhost:5000";
                options.RequireHttpsMetadata = false;
                options.ApiName = "exampleapi";
            });

The Web API controller method is:

        [HttpGet, Authorize]
        public IActionResult Get()
        {
            return Ok(new {
                name = User.Identity.Name,
                claims = User.Claims.Select(c => new { c.Type, c.Value }) });
        }

The problem is: There is no "name" claim and the identity name is null.
When the JWT token is displayed on the client the "name" claim is there and it is filled correctly.

The JWT Token reads:

{
  "id_token": "eyJ...",
  "session_state": "foJh...",
  "access_token": "eyJhb....",
  "token_type": "Bearer",
  "scope": "openid email address profile phone exampleapi",
  "profile": {
    "sid": "d7a9fa002ced3799c12a29f9235cd7cb",
    "sub": "366bd3acc65547a24225e4db3293e964c53e97776fff65a25647ebf638ecc2f6",
    "auth_time": 1509705231,
    "idp": "Windows",
    "name": "MYDOMAIN\\MyName",
    "amr": [
      "external"
    ]
  },
  "expires_at": 1509715926
}

All 4 comments

You are showing the identity token, but you send the access token to the API - decode that - e.g. using https://jwt.io

{
  "nbf": 1509712326,
  "exp": 1509715926,
  "iss": "http://localhost:5000",
  "aud": [
    "http://localhost:5000/resources",
    "exampleapi"
  ],
  "client_id": "clientexample",
  "sub": "366bd3acc65547a24225e4db3293e964c53e97776fff65a25647ebf638ecc2f6",
  "auth_time": 1509705231,
  "idp": "Windows",
  "scope": [
    "openid",
    "email",
    "address",
    "profile",
    "phone",
    "exampleapi"
  ],
  "amr": [
    "external"
  ]
}

This fixed my problem:

        internal static IEnumerable<ApiResource> GetApiResources()
        {
            yield return new ApiResource("exampleapi", "Example API") { UserClaims = { JwtClaimTypes.Name } };
        }
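
The check suggested in the first reply (decode the access token, not the identity token), written out as an added example that is not part of the original thread: it decodes both payloads without verifying signatures and lists the user claims that appear only in the identity token. The sample tokens and the helper names `makeToken`, `decodePayload` and `claimsOnlyInIdToken` are constructed for illustration, and a JavaScript client is assumed.

```javascript
// Added example: sample tokens are constructed here and carry a dummy signature.
const enc = (o) => Buffer.from(JSON.stringify(o)).toString("base64")
  .replace(/\+/g, "-").replace(/\//g, "_").replace(/=+$/, "");
const makeToken = (claims) =>
  [enc({ alg: "RS256", typ: "JWT" }), enc(claims), "constructed-signature"].join(".");

// Decode the payload segment only. No signature check is done, so the result
// is for inspection and must never drive an authorization decision.
function decodePayload(jwt) {
  const parts = String(jwt).split(".");
  if (parts.length !== 3) throw new Error("expected a compact JWT with 3 segments");
  const b64 = parts[1].replace(/-/g, "+").replace(/_/g, "/");
  return JSON.parse(Buffer.from(b64, "base64").toString("utf8"));
}

// Claims that describe the token or session rather than the user.
const PROTOCOL = new Set(["iss", "aud", "exp", "nbf", "iat", "nonce", "at_hash", "c_hash", "sid"]);

// User claims present in the identity token but absent from the access token:
// these are the ones the protected API will never see.
function claimsOnlyInIdToken(idToken, accessToken) {
  const id = decodePayload(idToken);
  const at = decodePayload(accessToken);
  return Object.keys(id).filter((k) => !PROTOCOL.has(k) && !(k in at)).sort();
}

// Constructed claim sets shaped like the ones shown in this thread.
const common = { iss: "http://localhost:5000", sub: "constructed-sub",
  auth_time: 1509705231, idp: "Windows", amr: ["external"] };
const ID_TOKEN = makeToken({ ...common, aud: "clientexample",
  sid: "constructed-sid", name: "MYDOMAIN\\MyName" });
const accessClaims = { ...common, nbf: 1509712326, exp: 1509715926,
  aud: ["http://localhost:5000/resources", "exampleapi"], client_id: "clientexample",
  scope: ["openid", "email", "address", "profile", "phone", "exampleapi"] };
// Before the fix: the API resource requests no user claims.
const AT_BEFORE = makeToken(accessClaims);
// After the fix: "name" is emitted because the ApiResource lists it in UserClaims.
const AT_AFTER = makeToken({ ...accessClaims, name: "MYDOMAIN\\MyName" });

console.log("before fix, missing in access token:", claimsOnlyInIdToken(ID_TOKEN, AT_BEFORE));
console.log("after fix, missing in access token:", claimsOnlyInIdToken(ID_TOKEN, AT_AFTER));
```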

This thread has been automatically locked since there has not been any recent activity after it was closed. Please open a new issue for related bugs.
