Incorrect claim Type

I am currently working on an API. The tokens are returned from an IdentityServer4.

I am trying to get back the sub id which is the id of the currently authorized user from the token claim. I can see it in the Claim here.

{
  "nbf": 1512632838,
  "exp": 1512636438,
  "iss": "http://localhost:5000",
  "aud": [
    "http://localhost:5000/resources",
    "testapi"
  ],
  "client_id": "ServiceAccountAccess",
  "sub": "21248582",
  "auth_time": 1512632823,
  "idp": "local",
  "name": "TestUser",
  "resource_id": "21260601",
  "xena_fiscal_id": "21875",
  "fiscal_name": "My company",
  "picture_url": "/Content/images/avatar-company-xena.jpg",
  "application_id": "16140911",
  "scope": [
    "openid",
    "profile",
    "testapi"
  ],
  "amr": [
    "password"
  ]
}

My API call is quite simple

    [Authorize]
    public async Task<ActionResult> ChangeFiscal([FromBody] long fiscalId)
    {

        var name = User.Claims.Where(c => c.Type == "http://schemas.xmlsoap.org/ws/2005/05/identity/claims/nameidentifier")
            .Select(c => c.Value).SingleOrDefault();

    }

What I can't understand is why sub or subject is being turned into

"http://schemas.xmlsoap.org/ws/2005/05/identity/claims/nameidentifier"

I can see from the API that it's done it to quite a few of the claims

{
  "nbf": 1512653706,
  "exp": 1512657306,
  "iss": "http://localhost:5000",
  "aud": [
    "http://localhost:5000/resources",
    "testapi"
  ],
  "client_id": "ServiceAccountAccess",
  "http://schemas.xmlsoap.org/ws/2005/05/identity/claims/nameidentifier": "21248582",
  "auth_time": 1512652100,
  "http://schemas.microsoft.com/identity/claims/identityprovider": "local",
  "name": "TestUser",
  "supporter": "21248582",
  "http://schemas.microsoft.com/claims/authnmethodsreferences": "password",
  "resource_id": "21527443",
  "xena_fiscal_id": "21876",
  "fiscal_name": "this",
  "picture_url": "/Content/images/avatar-company-xena.jpg",
  "scope": [
    "openid",
    "profile",
    "testapi"
  ]
}
DaImTo asked Sep 06 '25 03:09

1 Answer

It's taken an hour to figure out that the Microsoft JWT handler turns these standard claims into Microsoft proprietary ones.

By adding the following line to the startup Configure method I was able to turn off this annoying "feature"

    JwtSecurityTokenHandler.DefaultInboundClaimTypeMap.Clear();
DaImTo answered Sep 07 '25 20:09
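
The mapping the answer describes, reproduced as an added example (not code from the original post): the same token is validated once with a default handler and once with that handler's own map cleared, and a hypothetical `GetSubject` helper reads the subject under either setting. It assumes the System.IdentityModel.Tokens.Jwt package, version 5 or later; the class name, key and token are constructed for the demo.

```csharp
using System;
using System.IdentityModel.Tokens.Jwt;
using System.Security.Claims;
using System.Text;
using Microsoft.IdentityModel.Tokens;

static class ClaimMapDemo
{
    // Reads the subject whether or not inbound mapping is active; fails closed if absent.
    // Hypothetical helper, not part of any library.
    static string GetSubject(ClaimsPrincipal user) =>
        (user.FindFirst("sub") ?? user.FindFirst(ClaimTypes.NameIdentifier))?.Value
        ?? throw new UnauthorizedAccessException("token carries no subject claim");

    static void Dump(string label, ClaimsPrincipal user)
    {
        Console.WriteLine(label);
        foreach (var c in user.Claims) Console.WriteLine($"  {c.Type} = {c.Value}");
        Console.WriteLine($"  subject -> {GetSubject(user)}");
    }

    static void Main()
    {
        // Constructed signing key and token; claim values are the ones shown in the question.
        var key = new SymmetricSecurityKey(Encoding.UTF8.GetBytes("constructed-demo-key-not-a-real-secret!"));
        var jwt = new JwtSecurityTokenHandler().WriteToken(new JwtSecurityToken(
            issuer: "http://localhost:5000", audience: "testapi",
            claims: new[] { new Claim("sub", "21248582"), new Claim("idp", "local"), new Claim("amr", "password") },
            expires: DateTime.UtcNow.AddMinutes(5),
            signingCredentials: new SigningCredentials(key, SecurityAlgorithms.HmacSha256)));

        var rules = new TokenValidationParameters
        {
            ValidIssuer = "http://localhost:5000", ValidAudience = "testapi", IssuerSigningKey = key
        };

        // Default handler: sub, idp and amr are renamed to the long URI claim types.
        Dump("default map:", new JwtSecurityTokenHandler().ValidateToken(jwt, rules, out _));

        // Per-instance opt-out: the handler copies the static default map when constructed,
        // so clearing its own copy leaves other handlers in the process untouched.
        var handler = new JwtSecurityTokenHandler();
        handler.InboundClaimTypeMap.Clear();
        Dump("map cleared:", handler.ValidateToken(jwt, rules, out _));
    }
}
```

Because handlers copy the static default map at construction, clearing that static map only affects handlers created afterwards, so in an API it has to run before the JWT bearer handler is set up.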