
OpenId Connect Custom Claim #2602


0
steve.burgess created
  • ABP Framework version: v5.1.3
  • UI type: Angular
  • DB provider: EF Core
  • Tiered (MVC) or Identity Server Separated (Angular): yes (Microservice template)
  • Exception message and stack trace:
  • Steps to reproduce the issue:

Hi,

I'm currently using the microservice template (v5.1.3)

I'm trying to figure out how to make a custom claim visible when using CurrentUser.FindClaim in one of my custom services.

I'm using Azure OpenID Connect. The claim is in the returned ID token from Azure, as seen below.

I'm struggling to understand how to get that to appear as a claim on the currently logged in user.

I followed the instructions in this issue https://github.com/abpframework/abp/issues/42 but much like piresashwin in the last comment the CreateAsync method of the custom ClaimsPrincipalFactory never appears to be called.

Cheers,

Steve.


7 Answer(s)
  • User Avatar
    0
    gterdem created
    Support Team Senior .NET Developer

    You can check this class as sample of adding custom claims using custom claims principal factory.

  • User Avatar
    0
    steve.burgess created

    You can check this class as sample of adding custom claims using custom claims principal factory.

    Hi,

    Thanks for that. I can now add claims to the abp user.

    What would be the best way to take a value from the Azure user claims (such as the employeeid i have) and get it added to the abp user?

    In the linked example it looks like the claims value is being taken from a cookie that is being set by some middleware. I'm not sure that'll work in my scenario.

    Cheers,

    Steve.

  • User Avatar
    0
    gterdem created
    Support Team Senior .NET Developer

    Can you try creating a new claims principal using claims from Azure AD (employeeId) and adding it to the current user principal in the onTokenReceived event?

  • User Avatar
    0
    steve.burgess created

    Can you try creating a new claims principal using claims from Azure AD (employeeId) and adding it to the current user principal in the onTokenReceived event?

    Hi,

    Thanks for getting back to me.

    Do you mean the OnTokenResponseReceived event?

    In that event I can't see where I would get the current user principal. I can access the claims principal, but I believe that's just the user that authenticated with Azure. At the point that OnTokenResponseReceived is fired I'm not sure we have access to any other user principal?

    Cheers,

    Steve

  • User Avatar
    0
    maliming created
    Support Team Fullstack Developer

    Hi,

    Can you try this?

    var auth = await _httpContextAccessor.HttpContext.AuthenticateAsync(IdentityConstants.ExternalScheme);

    https://github.com/abpframework/eShopOnAbp/blob/b48dc3465980856c4f61b3532ad51fe211a6cbf7/apps/auth-server/src/EShopOnAbp.AuthServer/EShopUserPrincipleFactory.cs#L42-L53

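    Putting the two answers above together, here is an added example of a custom claims principal factory that copies an external (Azure AD) claim onto the ABP user's principal. This is illustrative code written for this thread, not code from the ABP framework, from the eShopOnAbp sample, or from the original poster. It assumes ABP v5.1.x, where AbpUserClaimsPrincipalFactory has the five-parameter constructor shown; the claim names "employeeid" (as issued by Azure AD) and "employee_id" (the application-side type) are placeholders, and the class name is made up.

```csharp
using System.Linq;
using System.Security.Claims;
using System.Threading.Tasks;
using Microsoft.AspNetCore.Authentication;
using Microsoft.AspNetCore.Http;
using Microsoft.AspNetCore.Identity;
using Microsoft.Extensions.Options;
using Volo.Abp.DependencyInjection;
using Volo.Abp.Identity;
using Volo.Abp.Identity.AspNetCore;
using Volo.Abp.Security.Claims;

// Example only (not ABP's or eShopOnAbp's code). Replacing the framework's
// factory is what makes CreateAsync run on every sign-in; without the
// ReplaceServices/ExposeServices pair the override is never called.
[Dependency(ReplaceServices = true)]
[ExposeServices(typeof(AbpUserClaimsPrincipalFactory))]
public class EmployeeIdClaimsPrincipalFactory : AbpUserClaimsPrincipalFactory
{
    // Assumed claim types: the one Azure AD puts in the ID token and the one
    // the application reads back through CurrentUser.FindClaim.
    public const string AzureEmployeeIdClaim = "employeeid";
    public const string AppEmployeeIdClaim = "employee_id";

    private readonly IHttpContextAccessor _httpContextAccessor;

    // Constructor shape assumed for ABP v5.1.x.
    public EmployeeIdClaimsPrincipalFactory(
        UserManager<IdentityUser> userManager,
        RoleManager<IdentityRole> roleManager,
        IOptions<IdentityOptions> options,
        ICurrentPrincipalAccessor currentPrincipalAccessor,
        IAbpClaimsPrincipalFactory abpClaimsPrincipalFactory,
        IHttpContextAccessor httpContextAccessor)
        : base(userManager, roleManager, options, currentPrincipalAccessor, abpClaimsPrincipalFactory)
    {
        _httpContextAccessor = httpContextAccessor;
    }

    public override async Task<ClaimsPrincipal> CreateAsync(IdentityUser user)
    {
        // Let ABP build the normal principal (sub, roles, tenant, ...) first.
        var principal = await base.CreateAsync(user);

        var httpContext = _httpContextAccessor.HttpContext;
        if (httpContext == null)
        {
            return principal; // no request (e.g. background job): nothing external to copy
        }

        // The external cookie carries the principal Azure AD authenticated; this is
        // the AuthenticateAsync(IdentityConstants.ExternalScheme) call from the answer above.
        var external = await httpContext.AuthenticateAsync(IdentityConstants.ExternalScheme);
        if (!external.Succeeded || external.Principal == null)
        {
            return principal; // local password login or no external session: leave untouched
        }

        var employeeId = external.Principal.FindFirst(AzureEmployeeIdClaim)?.Value;
        if (string.IsNullOrWhiteSpace(employeeId))
        {
            return principal; // claim not issued for this user; do not add an empty value
        }

        var identity = principal.Identities.First();

        // Replace rather than append, so a stale or duplicated value can never
        // sit beside the one taken from the identity provider.
        foreach (var stale in identity.FindAll(AppEmployeeIdClaim).ToList())
        {
            identity.RemoveClaim(stale);
        }
        identity.AddClaim(new Claim(AppEmployeeIdClaim, employeeId));

        return principal;
    }
}
```

    With the factory registered, a service can read the value with CurrentUser.FindClaim("employee_id")?.Value. Two caveats a practitioner should keep in mind: the external cookie only exists on the auth server (the linked sample lives under apps/auth-server), so this code belongs in that project rather than in the individual microservices; and the claim only reaches other services if the auth server is also configured to include it in the tokens it issues, which is a separate step this example does not cover.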
  • User Avatar
    0
    steve.burgess created

    Hi,

    That works great thanks!

    Cheers,

    Steve.

  • User Avatar
    0
    maliming created
    Support Team Fullstack Developer

    You are welcome.

Made with ❤️ on ABP v8.2.0-preview Updated on March 25, 2024, 15:11