
I have developed a Web API application and secured its endpoints with the OAuth 2.0 protocol using IdentityServer4.

My ApiResource looks like:

                     Name = "BankOfDotNetApi",
                     Scopes =
                     {
                        new Scope("BankOfDotNetApi", "API name for Customer", new List<string>{ "Claim1"}),
                        new Scope("BankOfDotNetApi.Read"),
                        new Scope("BankOfDotNetApi.Write"),
                        new Scope("offline_access"),
                    },
                    UserClaims =
                    {
                        JwtClaimTypes.Name,
                        JwtClaimTypes.Email
                    },

MyClient looks like:

                Client
                {
                    ClientId = "client",
                    AllowedGrantTypes = GrantTypes.ClientCredentials,
                    ClientSecrets = {new Secret("secret".Sha256())},
                    AllowedScopes = { "BankOfDotNetApi", "BankOfDotNetApi.Read" },
                }

My API application's Startup.cs looks like:

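    /// <summary>
    /// ASP.NET Core startup for the API: registers MVC, the in-memory bank database and
    /// bearer-token authentication backed by IdentityServer4, then wires the request pipeline.
    /// </summary>
    public class Startup
    {
        // Configuration keys that may override the IdentityServer settings used below.
        // (Key names are introduced here; they are not part of the original sample.)
        private const string AuthorityKey = "IdentityServer:Authority";
        private const string ApiNameKey = "IdentityServer:ApiName";
        private const string RequireHttpsMetadataKey = "IdentityServer:RequireHttpsMetadata";

        // Defaults identical to the previously hard-coded values. A plain-HTTP authority
        // and a relaxed metadata check are only acceptable on a developer machine.
        private const string DefaultAuthority = "http://localhost:5000";
        private const string DefaultApiName = "BankOfDotNetApi";

        /// <summary>Creates the startup with the host-provided configuration.</summary>
        /// <param name="configuration">Application configuration supplied by the host.</param>
        public Startup(IConfiguration configuration)
        {
            Configuration = configuration;
        }

        /// <summary>Application configuration supplied by the host.</summary>
        public IConfiguration Configuration { get; }

        /// <summary>
        /// Called by the runtime to add services to the container.
        /// </summary>
        /// <param name="services">The service collection to populate.</param>
        public void ConfigureServices(IServiceCollection services)
        {
            // The original passed an empty options lambda to AddMvc; a no-op Configure
            // call is equivalent to none, so the lambda is dropped. AddControllers() is a
            // subset of AddMvc() and is kept only for parity with the original registration.
            services.AddMvc();
            services.AddControllers();

            // In-memory provider: data does not survive a restart; fine for a sample.
            services.AddDbContext<BankContext>(options => options.UseInMemoryDatabase("BankingDb"));

            // Accept bearer tokens issued by IdentityServer4. ApiName must match the
            // ApiResource name ("BankOfDotNetApi" above); Authority is the token issuer
            // from which the discovery metadata is fetched.
            services.AddAuthentication("Bearer")
                     .AddIdentityServerAuthentication(options =>
                     {
                         // Allowing non-HTTPS metadata removes transport protection for the
                         // issuer's discovery document and keys. Default stays false (as in
                         // the original) but can now be switched on per environment.
                         options.RequireHttpsMetadata =
                             bool.TryParse(Configuration[RequireHttpsMetadataKey], out var requireHttps) && requireHttps;
                         options.ApiName = Configuration[ApiNameKey] ?? DefaultApiName;
                         options.Authority = Configuration[AuthorityKey] ?? DefaultAuthority;
                     });
        }

        /// <summary>
        /// Called by the runtime to configure the HTTP request pipeline.
        /// </summary>
        /// <param name="app">The application builder.</param>
        /// <param name="env">The hosting environment.</param>
        public void Configure(IApplicationBuilder app, IWebHostEnvironment env)
        {
            if (env.IsDevelopment())
            {
                // Detailed error pages expose stack traces; development only.
                app.UseDeveloperExceptionPage();
            }

            app.UseHttpsRedirection();

            // Order matters: routing must run before authentication and authorization so
            // the selected endpoint's requirements are known, and all three must precede
            // UseEndpoints.
            app.UseRouting();
            app.UseAuthentication();
            app.UseAuthorization();

            app.UseEndpoints(endpoints =>
            {
                endpoints.MapControllers();
            });
        }
    }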

I am not generating tokens manually (by creating a JWT token instance); the tokens are generated automatically by IdentityServer4.

I am able to see the scopes in my access token, but I am unable to see the claims.
If my code is wrong, please suggest how and where to add claims to my ApiResource.
How can I access the claims in my access token?

  • Does this answer your question? [Identity Server 4: adding claims to access token](https://stackoverflow.com/questions/41387069/identity-server-4-adding-claims-to-access-token) – Mateech Apr 23 '20 at 13:53
  • No. The link you provided uses OpenID Connect, but I'm using OAuth 2.0. – SAREKA AVINASH Apr 23 '20 at 15:22



Implement the ICustomTokenRequestValidator interface; after token generation, control flow enters its ValidateAsync method.

namespace IdentityServer4.Validation
{
    /// <summary>
    /// Allows inserting custom validation logic into authorize and token requests.
    /// An implementation is registered in the IdentityServer host (not in the API)
    /// with AddCustomTokenRequestValidator. Because it is invoked for token requests
    /// generally, an implementation that adds claims should first check which client
    /// is requesting the token.
    /// </summary>
    public interface ICustomTokenRequestValidator
    {
        /// <summary>
        /// Custom validation logic for a token request.
        /// </summary>
        /// <param name="context">The context of the validated token request. Its
        /// Result exposes the validated request, which can be modified (for example
        /// by adding client claims).</param>
        /// <returns>A task that completes when validation has finished.</returns>
        Task ValidateAsync(CustomTokenRequestValidationContext context);
    }
}

Use the line below to add a custom claim to the token.

// Runs inside ICustomTokenRequestValidator.ValidateAsync in the IdentityServer host, not in the API.
// `claim` is the claim to issue (presumably a System.Security.Claims.Claim — confirm against the
// element type of ClientClaims). NOTE(review): this adds the claim for whichever client made the
// request; check context.Result.ValidatedRequest.Client first so the claim is issued only to the
// intended client. Also note IdentityServer4 may prefix client claims (see the client's
// ClientClaimsPrefix setting) — verify the claim type the API actually receives.
context.Result.ValidatedRequest.ClientClaims.Add(claim);

Register the custom token request validator with AddCustomTokenRequestValidator in the Startup class.

  • Thanks for the reply. But the claims need to be added inside the ApiResource model and accessed via the token. As per your suggestion, where can I get the context object? And my scenario is to get claims from the token, not to add claims to the token! Can you elaborate your answer? – SAREKA AVINASH May 11 '20 at 15:03
  • The code change above needs to be done in IdentityServer. Whenever a token is generated by the client-credentials flow, control reaches the ValidateAsync method of your ICustomTokenRequestValidator implementation, and via the CustomTokenRequestValidationContext you can add custom claims. In the client application / Web API you can then extract the claims from the JWT. – Ravi Jun 22 '20 at 18:04