I am trying to configure my Duende (formerly known as IdentityServer4) identity server for authentication and authorisation. For the authentication part, I am using an external authentication service, and one of the things that I get as a result is a UserID. I then want to add this UserID as a custom claim inside my access token. However, I can't figure out how this is done.

Specifically, I want to implement something like this:

// Client/program.cs

var client = new HttpClient();

var tokenResponse = await client.RequestClientCredentialsTokenAsync(new ClientCredentialsTokenRequest
{
    Address = "https://localhost:5001/connect/token",
    ClientId = "1",
    ClientSecret = "secret",
    Scope = "api1",
    UserID = UserID // here is the problem. It creates the correct access token without this line
});

The problem is that UserID is not defined as part of the RequestClientCredentialsTokenAsync.

Is there a way I can add it?

Thank you in advance.

null_user

1 Answer

The ClientCredentials flow doesn't involve any user interaction, since there won't be any signed-in user-related data.

You can use the legacy ResourceOwnerPassword flow, which uses a user name and password for authentication. Your current approach is related to server-to-server interaction.

gterdem
  • Wouldn't it be possible to snatch the generation of the token or hook up in a similar way as we can do inheriting IProfileService (which, regrettably, won't work for Client Credential Flow)? I'm having a similar issue now. Our services that will integrate can't use "human" interaction, but we need to recognize their identity for ensuring other stuff. And we can't pay per client (as the proper approach would be), so I have to figure out a way to diversify the produced JWT based on "something" in the request. – Konrad Viltersten May 18 '23 at 15:30
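
One way to hook into token creation for the client credentials flow, as the comment above asks, is a custom token request validator. This is an added example, not code from the question, the answer or Duende's documentation; the `user_id` parameter name, the `UserIdClaimValidator` class, the allowlist and the ID format are assumptions.

```csharp
// Added example. "user_id", UserIdClaimValidator, TrustedClients and the
// ID format are assumed names/values, not part of the original posts.
using System.Collections.Generic;
using System.Security.Claims;
using System.Text.RegularExpressions;
using System.Threading.Tasks;
using Duende.IdentityServer.Models;
using Duende.IdentityServer.Validation;

public class UserIdClaimValidator : ICustomTokenRequestValidator
{
    // Assumption: only explicitly trusted clients may attach a user ID.
    private static readonly HashSet<string> TrustedClients = new() { "1" };

    // Assumption: IDs from the external service match this format.
    private static readonly Regex UserIdFormat =
        new(@"\A[A-Za-z0-9_-]{1,64}\z", RegexOptions.CultureInvariant);

    public Task ValidateAsync(CustomTokenRequestValidationContext context)
    {
        var request = context.Result.ValidatedRequest;

        // Leave every other grant type untouched.
        if (request.GrantType != GrantType.ClientCredentials)
            return Task.CompletedTask;

        // Extra form parameter posted to /connect/token by the client.
        var userId = request.Raw.Get("user_id");
        if (userId is null)
            return Task.CompletedTask;

        // Reject the request instead of silently dropping a bad value.
        if (!TrustedClients.Contains(request.Client.ClientId) ||
            !UserIdFormat.IsMatch(userId))
        {
            context.Result.IsError = true;
            context.Result.Error = "invalid_request";
            return Task.CompletedTask;
        }

        // Emitted with the client's ClientClaimsPrefix ("client_" by
        // default), so the API sees "client_user_id".
        request.ClientClaims.Add(new Claim("user_id", userId));
        return Task.CompletedTask;
    }
}
// Server: AddIdentityServer().AddCustomTokenRequestValidator<UserIdClaimValidator>();
// Client: add  Parameters = { { "user_id", userId } }  to the
//         ClientCredentialsTokenRequest in place of the UserID line.
```

The resulting claim is whatever the calling client asserted, so the API should treat it as data vouched for by that client and not as an authenticated end user.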