1 Answers1

1

When you define an api resource (have a look in Config.cs), you can do that :

new ApiResource
{
    Name = "api",
    DisplayName = "My API",

    UserClaims =
    {
        JwtClaimTypes.Id,
        JwtClaimTypes.Subject,
        JwtClaimTypes.Email
    }
}

It defines that your API will receive those claims.

EDIT :

It's better if you add the associate resource's to the GetIdentityResources function (see Config.cs)

Have a glance in the offical documentation to have a better picture http://docs.identityserver.io/en/release/topics/resources.html .

I give you a complete example from a personal project:

    public static IEnumerable<IdentityResource> GetIdentityResources()
    {
        //>Declaration
        var lIdentityResources = new List<IdentityResource>
        {
            new IdentityResources.OpenId(),
            new IdentityResources.Profile(),
            new IdentityResources.Email()
        };

        //>Processing
        foreach (var lAPIResource in GetApiResources())
        {
            lIdentityResources.Add(new IdentityResource(lAPIResource.Name,
                                                        lAPIResource.UserClaims));
        }

        //>Return
        return lIdentityResources;
    }

    public static IEnumerable<ApiResource> GetApiResources()
    {
        return new List<ApiResource>
        {
            new ApiResource
            {
                Name = "api1",
                DisplayName = "api1 API",

                UserClaims =
                {
                    JwtClaimTypes.Id,
                    JwtClaimTypes.Subject,
                    JwtClaimTypes.Email
                }
            }
        };
    }
KJBTech
  • 1,901
  • 2
  • 15
  • 27
  • I get the user's claims but still not getting the email claim, https://pastebin.com/aK4gBu3j – 001 Jun 15 '17 at 07:02
  • https://github.com/IdentityServer/IdentityServer4.Samples/blob/release/Quickstarts/8_EntityFrameworkStorage/src/Api/Controllers/IdentityController.cs – 001 Jun 15 '17 at 07:02
  • My bad ! I forget to tell you to add the email ressource according to OpenID spec implementation in IdentityServer4 – KJBTech Jun 15 '17 at 11:36
  • Yes however, I want to get the claim via the API Controller (i.e in example API IdentityController https://github.com/IdentityServer/IdentityServer4.Samples/blob/release/Quickstarts/8_EntityFrameworkStorage/src/Api/Controllers/IdentityController.cs) , you can do this var identity = (ClaimsIdentity)User.Identity; IEnumerable claims = identity.Claims; but still would not be able to get the user's email claim!? – 001 Jun 15 '17 at 13:24
  • That's sounds weird. When you loop on the claims you can not see the user claim ? I do not have this trouble. – KJBTech Jun 23 '17 at 07:56
  • Nope, cant see it! where are you seeing the claims? did you put a break point in the api controller? – 001 Jun 23 '17 at 16:24
  • are you sure you tested your code with the same sample code as me? this one https://github.com/IdentityServer/IdentityServer4.Samples/tree/release/Quickstarts/5_HybridFlowAuthenticationWithApiAccess and the claims are output when you make a web service call to https://dotnetfiddle.net/8D7hKs ? – 001 Jun 24 '17 at 09:34
  • When you call your API with your token, if you added the correct configuration in Startup.cs, there is a implicit middleware which will call your identity server implementation et get corrects claims. Can you provide your code ? Maybe I forgot something on my example, I will implement an exact solution based on identity server sample tonight – KJBTech Jun 27 '17 at 06:52
  • My code is here https://stackoverflow.com/questions/44761058/identityserver4-how-to-include-email-in-users-claim/44787824#44787824 Its based on the quickstart code but it does not work, I tried adding this! http://docs.identityserver.io/en/release/topics/resources.html#defining-identity-resources it does not work! – 001 Jun 28 '17 at 02:52
  • Not related to this question, but same topic: Is possible to add some custom fields for the user or custom claims? – Alexandra Damaschin Jun 12 '18 at 10:11