identityserver4 - identity server 4 get email claim without using Profile -


how can configure identity server core pass user email, in hybrid flow, without including "profile" identity resource?

i want server know least information possible user, require user emails users create account. consent asking user authorize id , email both required.

i using entity framework stores persist data + asp.net core identity user management. populate db config shown below.

this have done far, not receiving user claim user email. receiving "sid" though.

public class config {     // scopes define resources in system     public static ienumerable<identityresource> getidentityresources()     {          return new list<identityresource>         {             new identityresources.openid(),             new identityresources.email             {                 required = true             }         };     }       // clients want access resources (aka scopes)     public static ienumerable<client> getclients()     {              new client             {                 clientid = "myclient",                 clientname = "myclient",                 allowedgranttypes = granttypes.hybridandclientcredentials,                  requireconsent = true,                  clientsecrets =                 {                     new secret("secret".sha256())                 },                  redirecturis = { "http://localhost:27919/signin-oidc" },                 postlogoutredirecturis = { "http://localhost:27919" },                  allowedscopes =                 {                     identityserverconstants.standardscopes.openid,                     identityserverconstants.standardscopes.email                 },                 allowofflineaccess = true             }            };     } } 

on client side doing:

// middleware external openid connect authentication         var options = new openidconnectoptions         {             signinscheme = "identity.external",             signoutscheme = "identity",              displayname = "myclient",             authority = constants.authserver.baseurl,              clientid = "myclient",             clientsecret = "secret",              responsetype = "code id_token",              //scopes entered below, outside constructor              getclaimsfromuserinfoendpoint = true,               requirehttpsmetadata = false   //todo: make true, false development           };         //adding scopes         options.scope.clear();         options.scope.add("openid");         options.scope.add("email");         app.useopenidconnectauthentication(options); 

i figured out in account controller corresponding asp.net identity email claim must created when user created, add:

 user.claims.add(new identityuserclaim<string>             {                 claimtype = "email",                 claimvalue = model.email             }); 

following each user creation:

var user = new applicationuser { username = model.email, email = model.email }; 

Comments

Popular posts from this blog

android - InAppBilling registering BroadcastReceiver in AndroidManifest -

python Tkinter Capturing keyboard events save as one single string -

sql server - Why does Linq-to-SQL add unnecessary COUNT()? -