Open Closed

How to add additional claim into id_token? #6219


User avatar
0
nhontran created
  • ABP Framework version: v5.2.2
  • UI Type: Angular
  • Database System: EF Core (SQL Server)
  • Auth Server Separated (for Angular): yes

Hi, we are using Identity Server 4 and have a custom claim called 'institution_id,' which we have included in the access token by adding it to the ApiResourcesClaims.

However, this claim does not appear in the id_token, and we need it to be included. Any customization needed to achieve this?

Your help would be greatly appreciated.


6 Answer(s)
  • User Avatar
    0
    maliming created
    Support Team Fullstack Developer

    hi

    Please share your identity server config. eg Client, API Scope ,Identity Resource

    Thanks.

  • User Avatar
    0
    nhontran created

    Client:

    Api Resources:

    Api scopes:

    Identity Resources:

    Please let me know if you require any further info.

    Thanks

  • User Avatar
    0
    maliming created
    Support Team Fullstack Developer

    hi

    Please share the code of seeding the identity server's configuration.

  • User Avatar
    0
    nhontran created

    Hi @maliming,

    I have shared you the source code via email.

  • User Avatar
    0
    maliming created
    Support Team Fullstack Developer

    hi

    You can add a new Identity Resouce named institution_id.

    Add the institution_id to the request's scopes. options.Scope.Add("institution_id");

    [UnitOfWork]
    public virtual async Task SeedAsync(DataSeedContext context)
    {
        using (_currentTenant.Change(context?.TenantId))
        {
            await _identityResourceDataSeeder.CreateStandardResourcesAsync();
    
            if (!await _identityResourceRepository.CheckNameExistAsync(SHDPClaimTypes.InstitutionId))
            {
                var institutionIdIdentityResource = new IdentityResource(_guidGenerator.Create(), SHDPClaimTypes.InstitutionId);
                institutionIdIdentityResource.AddUserClaim(SHDPClaimTypes.InstitutionId);
                await _identityResourceRepository.InsertAsync(institutionIdIdentityResource);
                if (await _claimTypeRepository.AnyAsync(SHDPClaimTypes.InstitutionId))
                {
                    await _claimTypeRepository.InsertAsync(
                        new IdentityClaimType(
                            _guidGenerator.Create(),
                            SHDPClaimTypes.InstitutionId,
                            isStatic: true
                        )
                    );
                }
            }
    
            await CreateClaimTypesAsync();
            await CreateApiResourcesAsync();
            await CreateClientsAsync();
        }
    }
    
    var commonScopes = new[]
    {
        "email",
        "openid",
        "profile",
        "role",
        "phone",
        "address",
        "DigitalPlatform",
        "institution_id"
    };
    
  • User Avatar
    0
    nhontran created

    Hi @maliming, following your steps, I managed to add the custom claim into id token.

    Thanks a lot for your help.

Made with ❤️ on ABP v9.1.0-preview. Updated on December 12, 2024, 07:15