I've been playing with IdentityServer4. Absolutely love it.
I've been going through the tutorials on your site, specifically https://identityserver4.readthedocs.io/en/release/quickstarts/7_javascript_client.html
I have created a Profile Service that does the following:
public class ProfileService : IProfileService
{
public Task GetProfileDataAsync(ProfileDataRequestContext context)
{
context.IssuedClaims.Add(new Claim("test-claim", "test-value"));
return Task.FromResult(0);
}
public Task IsActiveAsync(IsActiveContext context)
{
context.IsActive = true;
return Task.FromResult(0);
}
}
This works great, my custom claim is visible in the log window of my JS client.
I put a break point on it just to inspect what is in the context, and I noticed it was getting hit twice. The caller properties were ClaimsProviderAccessToken and UserInfoEndpoint respectively. Why is this?
In my naivety I removed the profile scope from my js client, and in oidc-js config also removed the profile scope, and set loadUserInfo: false yet my ProfileService it is still called twice.
If my end goal is to set claims based on parameters from a database, I really I don't want to be doing this operaion twice, do I? (Genuine question -- I don't know). A 'solution' would be to only set them on "ClaimsProviderAccessToken" but there is something telling me that there will be a reason ProfileServices get called twice and that there is some importance of it setting the claims on both runs through.
