Duende Identity Server 7.0 issue - Could not retain the claims when caller in UserInfoEndpoint #1436

Open
vrrenga123 opened this issue Oct 8, 2024 · 3 comments


vrrenga123 commented Oct 8, 2024

Which version of Duende Identity Server are you using?

Duende Version 7.0

Which version of .NET are you using?

.Net 8.0

Duende Identity Server 7.0 issue - could not retain the claims when caller in UserInfoEndpoint

As context.ValidatedRequest is null in the caller UserInfoEndPoint, it could not retain the claims in context.Subject.Claims. In Duende Identity Server 6.0, we were able to obtain all of the claims in the second call (UserInfoEndPoint) using context.Subject.Claims. However, in Duende Identity Server 7.0, the claims are not being retained.

To Reproduce

Image

Additional Information

When I use AlwaysIncludeUserClaimsInIdToken, I receive the following error message in the Chrome browser: HTTP/2 Protocol Error ERROR when it calls using the authorize endpoint. Because we have more claims than the query string can hold, it would be preferable to accomplish this within the UserInfoEndpoint itself rather than using the Id token endpoint.

Expected behavior

I'm passing some value from the client as an extra parameter, and I need to return all the values as claims to the client, with additional claims based on the extra parameter.

@vrrenga123 vrrenga123 added the BFF label Oct 8, 2024
@vrrenga123 vrrenga123 changed the title Duende Identity Server 7.0 issue - Could retain the claims when caller in UserInfoEndpoint Duende Identity Server 7.0 issue - Could not retain the claims when caller in UserInfoEndpoint Oct 9, 2024
@RolandGuijt RolandGuijt self-assigned this Oct 11, 2024
@RolandGuijt

The behavior changed in IdentityServer 7. Please see #1345 for details. If that doesn't clarify/solve things for you please let me know.


vrrenga123 commented Oct 14, 2024

Thank you for your reply,

Here is the additional information: the way in which this affects my current use case is that I am issuing claims based on the extra token params and am also not able to add them (the token params) to sessions as mentioned in #1345.

The client-side application has a dropdown with some values. Whenever the dropdown value changes, some values are passed in extra token params to the identity server by calling the signinSilent method from Angular. When the profile service is called, we can get these values (extra token params) in the ClaimsProviderIdentityToken endpoint using context.ValidatedRequest, but in the userinfo endpoint we could not get the extra token params value, because context.ValidatedRequest is null in the userinfo endpoint. Also, we are not able to add these parameters to the session, as the IdP deals with multiple clients at the same time.

It would be helpful, in any case, to have this parameter accessible in the profile service when called via the userinfo endpoint.

@vrrenga123

Any workaround to get the extra token params value in the userinfo endpoint?
