identityserver4 - identity server 4 get email claim without using Profile -
how can configure identity server core pass user email, in hybrid flow, without including "profile" identity resource?
i want server know least information possible user, require user emails users create account. consent asking user authorize id , email both required.
i using entity framework stores persist data + asp.net core identity user management. populate db config shown below.
this have done far, not receiving user claim user email. receiving "sid" though.
public class config { // scopes define resources in system public static ienumerable<identityresource> getidentityresources() { return new list<identityresource> { new identityresources.openid(), new identityresources.email { required = true } }; } // clients want access resources (aka scopes) public static ienumerable<client> getclients() { new client { clientid = "myclient", clientname = "myclient", allowedgranttypes = granttypes.hybridandclientcredentials, requireconsent = true, clientsecrets = { new secret("secret".sha256()) }, redirecturis = { "http://localhost:27919/signin-oidc" }, postlogoutredirecturis = { "http://localhost:27919" }, allowedscopes = { identityserverconstants.standardscopes.openid, identityserverconstants.standardscopes.email }, allowofflineaccess = true } }; } }
on client side doing:
// middleware external openid connect authentication var options = new openidconnectoptions { signinscheme = "identity.external", signoutscheme = "identity", displayname = "myclient", authority = constants.authserver.baseurl, clientid = "myclient", clientsecret = "secret", responsetype = "code id_token", //scopes entered below, outside constructor getclaimsfromuserinfoendpoint = true, requirehttpsmetadata = false //todo: make true, false development }; //adding scopes options.scope.clear(); options.scope.add("openid"); options.scope.add("email"); app.useopenidconnectauthentication(options);
i figured out in account controller corresponding asp.net identity email claim must created when user created, add:
user.claims.add(new identityuserclaim<string> { claimtype = "email", claimvalue = model.email });
following each user creation:
var user = new applicationuser { username = model.email, email = model.email };
Comments
Post a Comment