authentication - ASP.NET Core 1.0. Bearer Token, cannot access custom claims -


i'm trying setup bearer authentication spa using asp.net core 1.0. i've got working jwttoken openidconnect server have issue custom claims not returned token.

my startup.cs logic authentication following:

private void configureauthentication(iapplicationbuilder app) {     app.usejwtbearerauthentication(options =>     {         options.automaticauthenticate = true;         options.authority = "http://localhost:53844";         options.audience = "http://localhost:53844";         options.requirehttpsmetadata = false;     });      app.useopenidconnectserver(options =>     {         options.tokenendpointpath = "/api/v1/token";         options.allowinsecurehttp = true;         options.authorizationendpointpath = pathstring.empty;         options.provider = new openidconnectserverprovider         {             onvalidateclientauthentication = context =>             {                 context.skipped();                 return task.fromresult<object>(null);             },             ongrantresourceownercredentials = async context =>             {                 var usersservice = app.applicationservices.getservice<iusersservice>();                  user user = usersservice.getuser(context.username, context.password);                  var identity = new claimsidentity(new list<claim>(), openidconnectserverdefaults.authenticationscheme);                 identity.addclaim(new claim(claimtypes.nameidentifier, user.id.tostring()));                 identity.addclaim(new claim(claimtypes.name, user.id.tostring()));                 identity.addclaim(new claim("myclaim", "4815162342"));                  var ticket = new authenticationticket(                     new claimsprincipal(identity),                     new authenticationproperties(),                     context.options.authenticationscheme);                  ticket.setresources(new[] { "http://localhost:53844" });                 ticket.setaudiences(new [] {"http://localhost:53844"});                 ticket.setscopes(new [] {"email", "offline_access" });                 context.validated(ticket);             }         };     }); }

both access_token , refresh_token generating succesfully , when passing access_token in authorization header system treats request authorized.

the issue claims except nameidentifier not passed.

i use following code receive claims authenticated request:

public class webusercontext : iusercontext {     private readonly ihttpcontextaccessor contextaccessor;      public webusercontext(ihttpcontextaccessor contextaccessor)     {         this.contextaccessor = contextaccessor;     }      public long userid     {                 {             claimsidentity identity = principal?.identity claimsidentity;              if (identity == null)             {                 return -1;             }              claim claim = identity.claims.firstordefault(c => c.type == claimtypes.name); // there no such claim in claims collection             return long.parse(claim.value);         }     }      private claimsprincipal principal => contextaccessor.httpcontext.user claimsprincipal; }

what can reason claims not passed or extracted token?

what can reason claims not passed or extracted token?

security.

unlike oauthauthorizationservermiddleware, asos doesn't assume access tokens consumed own resource servers (though agree it's common scenario) , refuses serialize claims don't explicitly specify "destination" avoid leaking confidential data unauthorized parties.

with jwt being default format in asos beta4 (but not in next beta), must keep in mind client applications (or users) can read access tokens.

for reason, must explicitly attach "destination" claims:

identity.addclaim(claimtypes.name, "pinpoint", destination: "id_token token");

specify id_token serialize claim in identity token, token serialize in access token or both serialize in both tokens (there's no equivalent authorization codes or refresh tokens encrypted , readable authorization server itself)


Comments

Post a Comment

Popular posts from this blog

php - Wordpress website dashboard page or post editor content is not showing but front end data is showing properly -

Image
recently have uploaded wordpress site onto server. have uploaded wordpress site in sub-folder under root folder ../root(domain root folder)/wordpress (where host wordpress folder). now problem content data in page or post in dashboard of wordpress admin panel not showing - see image. but data showing in front view - see image. if not browser cache issue , not issue happened tinymce editor during upgrade; try add config file: define('concatenate_scripts', false);
Read more

How to get the ip address of VM and use it to configure SSH connection dynamically in Ansible -

i trying ip address of vm , trying use establish ssh vm. following script: --- - hosts: localhost become: yes connection: local gather_facts: false serial: 1 vars_files: - createvmvars.yml tasks: - name: gathering vm info. vsphere_guest: vcenter_hostname: "{{vcenter_hostname}}" username: "{{vcenter_username}}" password: "{{vcenter_password}}" guest: "{{guest_name}}" vmware_guest_facts: yes register: var - debug: msg="{{var.ansible_facts.hw_eth0.ipaddresses[0]}}" - name: establishing ssh connection. script: /home/shasha/devops/scripts/ssh_configure.sh "{{var.ansible_facts.hw_eth0.ipaddresses[0]}}" following content of ssh_configure.sh : #!/bin/sh ssh-keygen -t rsa ssh-copy-id $1 but when running playbook, getting following error while executing third task: error! 'var' undefined but debug module(second task) printin
Read more

javascript - Get parameter of GET request -

i make request: createxhrrequest( "get", fileurl, function( err, response ) { if( err ) { alert( "error get!" ); } alert(response); }); and full response: { "status" : "ok", "message" : "jvberi0xljqkjdduxdgkmy how can jvberi0xlj ? i try response.message , response["message"]. nothing works. just simple access this: var json = json.parse(response); json.message
Read more