I have a few POCO objects I use for authorisation... e.g. a list of products, licence expire dates, user permissions, etc.
I want to stick these all inside the access token as claims and thought it would make things easier if I could simply add the object as a claim... for example:
identity.AddClaim("my_auth_stuff", authObject);
Because all the strings passed into that method seem to run through a JSON formatter I can't pass JSON strings to it either as they get double serialized and come out all messed up.
Is there a reason it is this way? Maybe there could be an optional override on the method to specify if the string is already serilized so I can do something like:
var jsonString = JsonConvert.SerializeObject(authObject);
identity.AddClaim("my_auth_stuff", jsonString, true);
Token serialization is not handled by OpenIddict. For that, it relies on either ASP.NET Core (when using the default token format, via TicketSerializer) or on IdentityModel (a library developed by MSFT that provides JWT support: https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet) so there's not much we can do in OpenIddict itself.
The good news is that IdentityModel supports JSON claims, so you should be able to do something like that:
var claim = new Claim("complex_claim", JsonConvert.SerializeObject(value), JsonClaimValueTypes.Json);
claim.SetDestinations(OpenIdConnectConstants.Destinations.AccessToken);
identity.AddClaim(claim);
@levitatejay did you have a chance to confirm JsonClaimValueTypes.Json worked as intended?
Yes, I've just tested and it is working great for what I need! Thanks