Ends in:
7 DAYS
15 HRS
6 MIN
8 SEC
Ends in:
7 D
15 H
6 M
8 S
Open Closed

How to add additional claim into id_token? #6219

User avatar
0
nhontran created
  • ABP Framework version: v5.2.2
  • UI Type: Angular
  • Database System: EF Core (SQL Server)
  • Auth Server Separated (for Angular): yes

Hi, we are using Identity Server 4 and have a custom claim called 'institution_id,' which we have included in the access token by adding it to the ApiResourcesClaims.

However, this claim does not appear in the id_token, and we need it to be included. Any customization needed to achieve this?

Your help would be greatly appreciated.

Go to accepted answer
6 Answer(s)
  • User Avatar
    0
    maliming created
    Support Team Fullstack Developer

    hi

    Please share your identity server config. eg Client, API Scope ,Identity Resource

    Thanks.

  • User Avatar
    0
    nhontran created

    Client:

    Api Resources:

    Api scopes:

    Identity Resources:

    Please let me know if you require any further info.

    Thanks

  • User Avatar
    0
    maliming created
    Support Team Fullstack Developer

    hi

    Please share the code of seeding the identity server's configuration.

  • User Avatar
    0
    nhontran created

    Hi @maliming,

    I have shared you the source code via email.

  • User Avatar
    0
    maliming created
    Support Team Fullstack Developer

    hi

    You can add a new Identity Resouce named institution_id.

    Add the institution_id to the request's scopes. options.Scope.Add("institution_id");

    [UnitOfWork]
public virtual async Task SeedAsync(DataSeedContext context)
{
    using (_currentTenant.Change(context?.TenantId))
    {
        await _identityResourceDataSeeder.CreateStandardResourcesAsync();

        if (!await _identityResourceRepository.CheckNameExistAsync(SHDPClaimTypes.InstitutionId))
        {
            var institutionIdIdentityResource = new IdentityResource(_guidGenerator.Create(), SHDPClaimTypes.InstitutionId);
            institutionIdIdentityResource.AddUserClaim(SHDPClaimTypes.InstitutionId);
            await _identityResourceRepository.InsertAsync(institutionIdIdentityResource);
            if (await _claimTypeRepository.AnyAsync(SHDPClaimTypes.InstitutionId))
            {
                await _claimTypeRepository.InsertAsync(
                    new IdentityClaimType(
                        _guidGenerator.Create(),
                        SHDPClaimTypes.InstitutionId,
                        isStatic: true
                    )
                );
            }
        }

        await CreateClaimTypesAsync();
        await CreateApiResourcesAsync();
        await CreateClientsAsync();
    }
}

    var commonScopes = new[]
{
    "email",
    "openid",
    "profile",
    "role",
    "phone",
    "address",
    "DigitalPlatform",
    "institution_id"
};
  • User Avatar
    0
    nhontran created

    Hi @maliming, following your steps, I managed to add the custom claim into id token.

    Thanks a lot for your help.

Assignee
User avatar maliming
Labels
None yet
Made with ❤️ on ABP v9.1.0-preview. Updated on November 20, 2024, 13:06