Duende Identity Server 7.0 issue - Could not retain the claims when caller in UserInfoEndpoint #1436
Comments
The behavior changed in IdentityServer 7. Please see #1345 for details. If that doesn't clarify/solve things for you please let me know.
Thank you for your reply. Here is the additional information: the way in which this affects my current use case is that I am issuing claims based on the extra token params and am also not able to add them (token params) to sessions as mentioned in #1345. The client-side application has a dropdown with some values; whenever the dropdown value changes, some values are passed in extra token params to the identity server by calling the signinSilent method from Angular. When the profile service is called, we can get these values (extra token params) in the ClaimsProviderIdentityToken endpoint using context.ValidatedRequest, but in the userinfo endpoint we could not get the extra token params value, because context.ValidatedRequest is null in the userinfo endpoint. Also, we are not able to add these parameters within the session, as the IdP deals with multiple clients at the same time. It would be helpful, in any case, to have this parameter accessible in the profile service when called via the userinfo endpoint.
Any workaround to get the extra token params value in the userinfo endpoint?
@vrrenga123 My apologies that the follow-up to this issue by us took such a long time. Can you tell us more about why you would need this? Do you need these extra token params to go in an access token? Or is there some other purpose? The protocol doesn't really allow adding extra claims once the tokens have been issued. So if that is the case you should solve it by rethinking the architecture. For example, by creating an extra API (protected with the access token) where this data is available.
@vrrenga123 Can you please let us know if we can assist you further with this? If not I'll close the issue.
Closing the issue for now. If you would like to continue to discuss, please create a new post in GitHub discussions.
Which version of Duende Identity Server are you using?
Duende Version 7.0
Which version of .NET are you using?
.NET 8.0
Duende Identity Server 7.0 issue - could not retain the claims when caller in UserInfoEndpoint
As context.ValidatedRequest is null when the caller is UserInfoEndpoint, it could not retain the claims in context.Subject.Claims. In Duende Identity Server 6.0, we were able to obtain all of the claims in the second call (UserInfoEndpoint) using context.Subject.Claims. However, in Duende Identity Server 7.0, the claims are not being retained.
To Reproduce
Additional Information
When I use AlwaysIncludeUserClaimsInIdToken, I receive the following error message in the Chrome browser: HTTP/2 Protocol Error ERROR when it calls using the authorize endpoint. Because we have more claims than the query string can hold, it would be preferable to accomplish this within the UserInfoEndpoint itself rather than using the Id token endpoint.
Expected behavior
I'm passing some values from the client as extra parameters and I need to return all the values as claims to the client, with additional claims based on the extra parameters.
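
An added example, not code from this thread or from Duende: a profile service that tolerates the null context.ValidatedRequest at the userinfo endpoint and adds a request-parameter claim only during token issuance, after checking the client-supplied value against an allow-list. The class name, the selected_option parameter and its allowed values are assumptions.

```csharp
using System;
using System.Collections.Generic;
using System.Security.Claims;
using System.Threading.Tasks;
using Duende.IdentityServer;
using Duende.IdentityServer.Models;
using Duende.IdentityServer.Services;

public sealed class ExtraParamProfileService : IProfileService
{
    // Assumed names: the parameter and its allowed values are placeholders.
    private const string ExtraParam = "selected_option";
    private static readonly HashSet<string> AllowedValues =
        new(StringComparer.Ordinal) { "option-a", "option-b" };

    public Task GetProfileDataAsync(ProfileDataRequestContext context)
    {
        // Subject claims are available for every caller; AddRequestedClaims
        // keeps only the claim types the current request asks for.
        context.AddRequestedClaims(context.Subject.Claims);

        // At the userinfo endpoint there is no validated request in
        // IdentityServer 7 (as reported above), so guard instead of dereferencing.
        if (context.Caller == IdentityServerConstants.ProfileDataCallers.UserInfoEndpoint
            || context.ValidatedRequest is null)
        {
            return Task.CompletedTask;
        }

        // Token issuance: the raw request parameters are present. The value
        // is client-controlled, so accept it only if it is on the allow-list.
        var value = context.ValidatedRequest.Raw?[ExtraParam];
        if (value is not null && AllowedValues.Contains(value))
        {
            context.IssuedClaims.Add(new Claim(ExtraParam, value));
        }
        return Task.CompletedTask;
    }

    public Task IsActiveAsync(IsActiveContext context)
    {
        // Assumption: every authenticated subject is active; check the user store here.
        context.IsActive = true;
        return Task.CompletedTask;
    }
}
```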