IdentityServer / IdentityServer2

[deprecated] Thinktecture IdentityServer is a light-weight security token service built with .NET 4.5, MVC 4, Web API and WCF.

How to get user claims from RequestResourceOwnerPassword flow? #835

Closed eldiosyeldiablo closed 8 years ago

eldiosyeldiablo commented 9 years ago

For our server-to-server API calls we are getting the OAuth token by calling the OAuth2Client.RequestResourceOwnerPasswordAsync method.

Ex:

var client = new OAuth2Client(
    new Uri("https://auth.example.com/IdSvr/issue/oauth2/token"),
    "clientId",
    "password");

// Resource owner password flow: user name, password, scope of the protected API
var token = await client.RequestResourceOwnerPasswordAsync("SampleClient", "password", "urn:protectedApi");

However, the claims are not fully populated. How is it recommended that we get the claims populated?

When I say not fully populated, the IClaimsRepository is not called, so the claim set is very minimal. Should there be an additional call by the client application to get the claim set like the OIDC flow does?

pravinbhosale01 commented 9 years ago

If you are using a JWT type of token, there are online JWT token decoders; one of them is http://jwt.io. Paste your token in the textbox there and see the decoded claims. If you want to do that using code, you can find that in HttpActionContext.Request.GetClaimsPrincipal().Claims on Authorization level.
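
To see which claims a token from this flow actually carries without it leaving your machine, the JWT payload can be decoded locally. The following is an added example, not part of the thread or of IdentityServer's code; it assumes a runtime with System.Text.Json, and JwtInspector, ReadClaims and the sample token are hypothetical or constructed. It only reads the payload and does not validate the signature.

```csharp
using System;
using System.Collections.Generic;
using System.Text;
using System.Text.Json;

static class JwtInspector   // hypothetical helper name
{
    // Base64url (RFC 7515) uses '-' and '_' and omits '=' padding.
    static byte[] Base64UrlDecode(string s)
    {
        s = s.Replace('-', '+').Replace('_', '/');
        s = s.PadRight(s.Length + (4 - s.Length % 4) % 4, '=');
        return Convert.FromBase64String(s); // throws FormatException on bad input
    }

    // Returns (type, value) pairs; an array-valued claim yields one pair per element.
    // Inspection only: the signature segment is NOT verified here.
    public static List<KeyValuePair<string, string>> ReadClaims(string jwt)
    {
        var parts = jwt.Split('.');
        if (parts.Length != 3)
            throw new FormatException("Expected header.payload.signature");
        string json = Encoding.UTF8.GetString(Base64UrlDecode(parts[1]));
        var claims = new List<KeyValuePair<string, string>>();
        using (var doc = JsonDocument.Parse(json))
        {
            foreach (var p in doc.RootElement.EnumerateObject())
            {
                if (p.Value.ValueKind == JsonValueKind.Array)
                    foreach (var item in p.Value.EnumerateArray())
                        claims.Add(new KeyValuePair<string, string>(p.Name, item.ToString()));
                else
                    claims.Add(new KeyValuePair<string, string>(p.Name, p.Value.ToString()));
            }
        }
        return claims;
    }

    static void Main()
    {
        // Constructed sample token (values are not from the page; dummy signature).
        Func<string, string> enc = s => Convert.ToBase64String(Encoding.UTF8.GetBytes(s))
            .TrimEnd('=').Replace('+', '-').Replace('/', '_');
        string header = enc("{\"alg\":\"HS256\",\"typ\":\"JWT\"}");
        string payload = enc("{\"iss\":\"https://auth.example.com\",\"aud\":\"urn:protectedApi\"," +
                             "\"sub\":\"SampleClient\",\"role\":[\"reader\",\"writer\"]}");
        foreach (var c in ReadClaims(header + "." + payload + ".c2lnbmF0dXJl"))
            Console.WriteLine(c.Key + " = " + c.Value);
    }
}
```

Comparing this output with the claims the API sees after token validation shows whether a claim is missing from the issued token itself or is being dropped on the receiving side.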