Openiddict-core: Empty claims list

Created on 26 Jun 2020  路  3Comments  路  Source: openiddict/openiddict-core

Unless I explicitly add the attribute decorator below the User instance has no claims on it, I would be very helpful for any guidance on what I might be doing wrong,

[Authorize(AuthenticationSchemes = OAuthValidationDefaults.AuthenticationScheme)]

My Startup.cs is as follows:

public class Startup
{
    public const string WebsitePolicyName = "Website";
    public Startup(IConfiguration configuration)
    {
        Configuration = configuration;
    }

    public IConfiguration Configuration { get; }

    public void ConfigureServices(IServiceCollection services)
    {
        services.AddMvc(options =>
        {
            options.EnableEndpointRouting = false;
        });

        services.AddControllers().AddNewtonsoftJson();
        services.AddCors(options =>
        {
            options.AddPolicy(WebsitePolicyName,
                builder =>
                {
                    builder.WithOrigins("https://localhost:44345").AllowAnyHeader().AllowAnyMethod();
                });
        });
        services.Configure<ConnectionStrings>(Configuration.GetSection("ConnectionStrings"));
        services.Configure<AppSettings>(Configuration.GetSection("AppSettings"));
        var connectionString = Configuration.GetConnectionString("DefaultConnection");

        services.AddDbContext<ApplicationDbContext>(options =>
            {
                options.UseSqlServer(connectionString);
                options.UseOpenIddict();
            },
            ServiceLifetime.Transient);

        services.AddIdentity<ApplicationUser, ApplicationRole>()
            .AddEntityFrameworkStores<ApplicationDbContext>()
            .AddDefaultTokenProviders();

        services.Configure<IdentityOptions>(options =>
        {
            options.User.RequireUniqueEmail = true;
            options.ClaimsIdentity.UserIdClaimType = OpenIdConnectConstants.Claims.Subject;
        });

        services.AddOpenIddict()
            .AddCore(options =>
            {
                options.UseEntityFrameworkCore()
                    .UseDbContext<ApplicationDbContext>();
            })
            .AddServer(options =>
            {
                options.UseMvc();
                options.RegisterScopes(
                    OpenIdConnectConstants.Scopes.Email,
                    OpenIdConnectConstants.Scopes.Profile,
                    OpenIddictConstants.Scopes.Roles);
                options.EnableAuthorizationEndpoint("/connect/authorize")
                    .EnableLogoutEndpoint("/connect/logout")
                    .EnableTokenEndpoint("/connect/token")
                    .EnableUserinfoEndpoint("/api/userinfo");
                options.AllowAuthorizationCodeFlow()
                    .AllowPasswordFlow()
                    .AllowCustomFlow("facebook_identity_token")
                    .AllowRefreshTokenFlow();
                options.AcceptAnonymousClients();
            })
            .AddValidation();
        services.AddSwaggerDocument();
    }

    public void Configure(IApplicationBuilder app, IWebHostEnvironment env)
    {
        if (env.IsDevelopment())
        {
            app.UseDeveloperExceptionPage();
        }
        app.UseCors(WebsitePolicyName);
        app.UseAuthentication();
        app.UseMvc();
        app.UseHttpsRedirection();
        app.UseRouting();
        app.UseOpenApi();
        app.UseSwaggerUi3();
        app.UseErrorHandlingMiddleware();
    }
}

question

All 3 comments

Unless I explicitly add the attribute decorator below the User instance has no claims on it, I would be very helpful for any guidance on what I might be doing wrong,

You're not doing anything wrong, it's the right thing to do. ASP.NET Core Identity registers itself as the default authentication scheme, and using [Authorize(AuthenticationSchemes = OAuthValidationDefaults.AuthenticationScheme)] is the best option to opt out the default cookie-based scheme. Alternatively, you can override the default schemes globally via services.AddAuthentication(options => { ... }).

Hi Kevin,

That fixed it. Many thanks. :) For completeness here is the solution for anyone else with a similar problem:

            services.AddAuthentication(opts =>
            {
                opts.DefaultAuthenticateScheme = OAuthValidationDefaults.AuthenticationScheme;
                opts.DefaultChallengeScheme = OAuthValidationDefaults.AuthenticationScheme;
            });

My pleasure 馃槂

Was this page helpful?
0 / 5 - 0 ratings