
This is a follow-up question to my previous question here. My question is in regards to when I query the custom UserInfoEndpoint: I expect the claims from my access token (which is sent as a bearer token in the request) to be part of the context ProfileDataRequestContext. The problem is they are not. Specifically, I am wanting the ticket claim to be in the context; however, the context is empty (except for sub, which as I understand is always present).

Please see my previous question in regards to the implementation, as I don't want to repost everything here.

Thanks in advance...

Logs for reference...

2016-06-15 13:52:11.508 -05:00 [Information] Creating userinfo response
2016-06-15 13:52:11.513 -05:00 [Information] Scopes in access token: "app openid offline_access appaccess"
2016-06-15 13:52:11.514 -05:00 [Information] Requested claim types: "applicationDto sub"
2016-06-15 13:52:11.514 -05:00 [Debug] Getting ProfileDataAsync
2016-06-15 13:52:11.514 -05:00 [Debug] The claims in the context...
2016-06-15 13:52:11.514 -05:00 [Debug] Claims sub 783bf872-b864-4042-853d-04fbcb7a505a
2016-06-15 13:52:11.514 -05:00 [Debug] The requseted claims...
2016-06-15 13:52:11.514 -05:00 [Debug] Cliams applicationDto
2016-06-15 13:52:11.514 -05:00 [Debug] Cliams sub
2016-06-15 13:52:11.514 -05:00 [Debug] Finished ProfileDataAsync
2016-06-15 13:52:11.514 -05:00 [Information] Profile service returned to the following claim types: "sub"
2016-06-15 13:52:11.514 -05:00 [Information] End userinfo request
2016-06-15 13:52:11.516 -05:00 [Information] Returning userinfo response.

Update: After discussing the issue on GitHub, it's been determined that this is not supported. It was suggested that I put the ticket in the id_token; however, this still does not fix the problem.

Is there any way I can get the ticket claim as part of the context in the UserInfoEndpoint?

Logs after the update...

2016-06-16 12:23:08.023 -05:00 [Information] Creating userinfo response
2016-06-16 12:23:08.027 -05:00 [Information] Scopes in access token: "app openid offline_access appaccess"
2016-06-16 12:23:08.028 -05:00 [Information] Requested claim types: "applicationDto sub ticket"
2016-06-16 12:23:08.028 -05:00 [Debug] Getting ProfileDataAsync
2016-06-16 12:23:08.028 -05:00 [Debug] Claims in Claims in the context...
2016-06-16 12:23:08.028 -05:00 [Debug]     "sub : 783bf872-b864-4042-853d-04fbcb7a505a"     
2016-06-16 12:23:08.028 -05:00 [Debug] Claims in Requested Claims...
2016-06-16 12:23:08.028 -05:00 [Debug]     "applicationDto"     
2016-06-16 12:23:08.028 -05:00 [Debug]     "sub"     
2016-06-16 12:23:08.028 -05:00 [Debug]     "ticket"     
2016-06-16 12:23:08.028 -05:00 [Debug] Claims in Issued Claims...
2016-06-16 12:23:08.028 -05:00 [Debug]     "sub : 783bf872-b864-4042-853d-04fbcb7a505a"     
2016-06-16 12:23:08.028 -05:00 [Debug] Finished ProfileDataAsync
Callback Kid

1 Answer


That expectation is wrong - userinfo is an OpenID Connect concept and is an alternative way to get to the claims that would otherwise be in an identity token. Not an access token.

That said - in your GetProfileDataAsync method in your user service you can detect from the context if you are being called via the userinfo endpoint and can return any claims you like.

leastprivilege
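The approach the answer describes, written out as an added example for IdentityServer3 (this is not code from the answerer or from the question's implementation). It assumes a user service derived from IdentityServer3's UserServiceBase and a hypothetical ITicketStore that can look a ticket up by subject id; the page does not say where the ticket value originates, so that lookup is an assumption. The point it shows is that, when context.Caller is the userinfo endpoint, context.Subject carries only sub, so the ticket has to be fetched from your own store keyed by that subject rather than read out of the context, and that whatever you add should still be filtered against context.RequestedClaimTypes so the userinfo response does not return claims the access token's scopes never asked for.

```csharp
using System.Collections.Generic;
using System.Linq;
using System.Security.Claims;
using System.Threading.Tasks;
using IdentityServer3.Core;
using IdentityServer3.Core.Extensions;
using IdentityServer3.Core.Models;
using IdentityServer3.Core.Services.Default;

// Hypothetical lookup (assumption for this example): maps a subject id to the
// ticket that was issued to that user. The original page does not show where
// the "ticket" value comes from, so this is a placeholder for your own store.
public interface ITicketStore
{
    Task<string> GetTicketAsync(string subjectId);
}

public class CustomUserService : UserServiceBase
{
    private readonly ITicketStore _tickets;

    public CustomUserService(ITicketStore tickets)
    {
        _tickets = tickets;
    }

    public override async Task GetProfileDataAsync(ProfileDataRequestContext context)
    {
        // When the caller is the userinfo endpoint, context.Subject only carries "sub";
        // nothing from the bearer access token is copied into the context.
        var subjectId = context.Subject.GetSubjectId();
        var claims = new List<Claim>
        {
            new Claim(Constants.ClaimTypes.Subject, subjectId)
        };

        if (context.Caller == Constants.ProfileDataCallers.UserInfoEndpoint)
        {
            // Look the ticket up by subject instead of expecting it in the context.
            var ticket = await _tickets.GetTicketAsync(subjectId);
            if (!string.IsNullOrEmpty(ticket))
            {
                claims.Add(new Claim("ticket", ticket));
            }
        }

        // Only hand back the claim types the access token's scopes requested, so the
        // userinfo response cannot leak claims the client was never granted.
        if (!context.AllClaimsRequested && context.RequestedClaimTypes != null)
        {
            var requested = new HashSet<string>(context.RequestedClaimTypes);
            claims = claims.Where(c => requested.Contains(c.Type)).ToList();
        }

        context.IssuedClaims = claims;
    }
}
```

Two caveats a practitioner should keep in mind. First, the filter above only lets "ticket" through if it is already among the requested claim types, which in IdentityServer3 means a scope granted in the access token must list that claim; the second set of logs in the question ("Requested claim types: applicationDto sub ticket") shows that part was already in place. Second, because the lookup is keyed by subject rather than by token, a user with two concurrent sessions gets the same ticket from both; if the ticket must be bound to one specific access token, a per-user store cannot distinguish them and you would need to key the store by something the access token itself carries.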