Identityserver4: Adding a claim to the /connect/userinfo with claim value type "JSON" doesn't work

Created on 11 Jun 2020  路  7Comments  路  Source: IdentityServer/IdentityServer4

Issue / Steps to reproduce the problem

Adding a JSON claim (with valuetype set as JsonClaimValueTypes.Json) in an IProfileService implementation when the caller is UserInfoEndpoint does not work as intented as the claim type value is still String.

However - and which makes me thinks this is an issue - it works while adding the claim when the caller is ClaimsProviderAccessToken.

The line does change between tests:

new Claim("theKey", JsonConvert.SerializeObject(theValue), JsonClaimValueTypes.Json)
bug report
Source
picture HunteRoi

All 7 comments

It looks like the 4.0 milestone is for ASP.NET Core 3.1.

The project I am currently developing at work is using ASP.NET Core 2.2. The IdentityServer4 NuGet packages used are the one for AspNetIdentity and the one for EntityFramework.

<Project Sdk="Microsoft.NET.Sdk.Web">

  <PropertyGroup>
    <TargetFramework>netcoreapp2.2</TargetFramework>
  </PropertyGroup>

  <ItemGroup>
    <PackageReference Include="Serilog" Version="2.9.0" />
    <PackageReference Include="Serilog.AspNetCore" Version="2.1.1" />
    <PackageReference Include="Serilog.Settings.Configuration" Version="2.6.1" />
    <PackageReference Include="Serilog.Sinks.Console" Version="3.1.1" />
    <PackageReference Include="Serilog.Sinks.File" Version="4.1.0" />

    <PackageReference Include="IdentityServer4" Version="2.5.4" />
    <PackageReference Include="IdentityServer4.AspNetIdentity" Version="2.5.4" />
    <PackageReference Include="IdentityServer4.EntityFramework" Version="2.5.4" />

    <PackageReference Include="Microsoft.AspNetCore.App" />
    <PackageReference Include="Microsoft.AspNetCore.AzureKeyVault.HostingStartup" Version="2.0.4" />
    <PackageReference Include="Microsoft.Azure.Services.AppAuthentication" Version="1.5.0" />

    <PackageReference Include="Microsoft.EntityFrameworkCore.Tools" Version="2.2.6" PrivateAssets="all">
      <IncludeAssets>runtime; build; native; contentfiles; analyzers</IncludeAssets>
    </PackageReference>
  </ItemGroup>
</Project>
HunteRoi picture HunteRoi on 12 Jun 2020

ASP.NET Core 2.2 is not supported anymore - you should upgrade to the latest.

leastprivilege picture leastprivilege on 12 Jun 2020

Considering the technical restrictions of the project at the moment, we do not plan to upgrade anytime soon.

Is there any way I can get this fixed for the version used?

HunteRoi picture HunteRoi on 12 Jun 2020

I will have a look.

You are aware the ASP.NET Core 2.2 has unfixed security vulnerabilities including a remote code execution?

leastprivilege picture leastprivilege on 13 Jun 2020
👍1

Can't repro in latest version. Removing milestone.

leastprivilege picture leastprivilege on 15 Jun 2020
👍1

Please update and let us know if this is still an issue.

brockallen picture brockallen on 7 Sep 2020

This issue has been automatically locked since there has not been any recent activity after it was closed. Please open a new issue for related bugs.

github-actions[bot] picture github-actions[bot] on 26 Nov 2020
Was this page helpful?
0 / 5 - 0 ratings

Related issues

agilenut picture agilenut  路  3Comments
chrisrestall picture chrisrestall  路  3Comments
Aravind1729 picture Aravind1729  路  3Comments
eshorgan picture eshorgan  路  3Comments
garymacpherson picture garymacpherson  路  3Comments