AspNet Core - Settings `NameClaimType` and `RoleClaimType`

Question

How do I change the Identity values NameClaimType and RoleClaimType to "sub" and "role" instead the default SOAP URLs below:

(More context on the motivation on this github issue: https://github.com/GestionSystemesTelecom/fake-authentication-jwtbearer/issues/4)

Answer 1

1. Configure your identity

services.AddDefaultIdentity<IIdentityUser>(options =>
{ 
    options.ClaimsIdentity.UserNameClaimType = "sub";
    options.ClaimsIdentity.RoleClaimType = "role";
})

2. Configure your JWT token

services.AddAuthentication(JwtBearerDefaults.AuthenticationScheme)
     .AddJwtBearer(options =>
     {
           options.TokenValidationParameters.NameClaimType = "sub";
           options.TokenValidationParameters.RoleClaimType = "role";
     });

3. Use await CreateAsync(user) method on IUserClaimsPrincipalFactory<IIdentityUser> instance. It will create correct ClaimsIdentity object with user claims that you can use during JWT token generation.

var principal = await _userClaimsPrincipalFactory.CreateAsync(user);
var token = new JwtSecurityToken(issuer, audience, principal.Claims, notBefore, expires, credentials);