search

DuendeSoftware / Support

Support for Duende Software products
21 stars 0 forks source link

Duende Identity Server 7.0 issue - Could not retain the claims when caller in UserInfoEndpoint #1436

Open vrrenga123 opened 1 month ago

vrrenga123 commented 1 month ago

Which version of Duende Identity Server are you using?

Duende Version 7.0

Which version of .NET are you using?

.Net 8.0

Duende Identity Server 7.0 issue - could not retain the claims when caller in UserInfoEndpoint

As context.ValidatedRequest is null in caller UserInfoEndPoint, it could not retain the claims context.Subject.Claims, In Duende Identity Server 6.0, we were able to obtain all of the claims in the second call (UserInfoEndPoint) using context.Subject.Claims . However, in Duende Identity Server 7.0, the claims are not being retained.

To Reproduce

Image

Additional Information

When I use AlwaysIncludeUserClaimsInIdToken, I receive the following error message in chrome browser:HTTP/2 Protocol Error ERROR when it calls using authorize endpoint. Because we have more claims than the query string can hold, it would be preferable to accomplish this within the UserInfoEndpoint itself rather than using the Id token endpoint.

Expected behavior

I'm passing some value from client as in extra parameter and I need to retrun back all the values as claims to the client with additional claims based on the extra parameter

RolandGuijt commented 1 month ago

The behavior changed in IdentityServer 7. Please see #1345 for details. If that doesn't clarify/solve things for you please let me know.

vrrenga123 commented 1 month ago

Thank you for your reply,

Here are the additional information the way in which this affects my current use case is that I am issuing claims based on the extra token params and also not able to add it (token params) in sessions as mentioned in #1345 .

the client side application having dropdown with some value, whenever the dropdown value changes some values are passing in extra token params to identity server by calling signinSilent method from Angular, when the profile service is called we can get these value (extra token params) in ClaimsProviderIdentityToken end point using context.ValidatedRequest but in userinfo end point, we could not get the extra token params value, because context.ValidatedRequest is null in userinfo endpoint. also we not able to add these parameter within the session as iDP deal with multiple clients at the same time.

It would be helpful, in any case, to have this parameter accessible in profile service when called via the user info end point

vrrenga123 commented 1 month ago

Any workaround to get the extra token params value in userinfo endpoint.