I have an ASP.NET Core application, and the application is using OpenIdConnect authentication using IdentityServer3. When the user is authenticated successfully, the application receives the proper claims from the identity server. I can debug the line TokenValidatedContext.Ticket.Principal.Claims in OnTokenValidated and make sure the application receives all the claims.
Code Snippet
    var connectOptions = new OpenIdConnectOptions()
    {
        AutomaticAuthenticate = true,
        AutomaticChallenge = true,
        Authority = authority,
        ClientId = clientId,
        ResponseType = IdentityConstant.IdTokenClaim,
        AuthenticationScheme = IdentityConstant.OpenIdAuthenticationScheme,
        SignInScheme = CookieAuthenticationDefaults.AuthenticationScheme,
        PostLogoutRedirectUri = postlogoutRedirectUri,
        CallbackPath = IdentityConstant.CallbackPath,
        Events = new OpenIdConnectEvents()
        {
            OnTokenValidated = async context =>
            {
                var claims = context.Ticket.Principal.Claims;
                await Task.FromResult(0);
            }
        }
    };
Below is the quick watch of TokenValidatedContext.Ticket.Principal.Claims in the OnTokenValidated handler

However, after successful authentication, when I debug User.Claims in the Home controller, I see all the claims are added twice.
Below is the quick watch of User.Claims in Home controller

Why are the claims getting added twice in User.Claims?
Because you set openidconnect's AutomaticAuthenticate to true. If you look at the user identities, you will see there are two identities (one for cookie, the other for openidconnect authentication). Since User.Claims is the sum of these identity claims, you see the claims twice. So, removing AutomaticAuthenticate = true from the openidconnect options solves the problem.
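The effect described in the answer can be reproduced and diagnosed with the standard System.Security.Claims types. The following is an added example, not code from the original post: the class `ClaimsDiagnostics`, its methods, the sample claims and the authentication-type labels "Cookies" and "OpenIdConnect" are all constructed for illustration, and the real authentication types on your identities depend on your configuration.

```csharp
using System;
using System.Collections.Generic;
using System.Linq;
using System.Security.Claims;

// Hypothetical diagnostic helper (not part of ASP.NET Core or IdentityServer).
public static class ClaimsDiagnostics
{
    // One summary line per identity attached to the principal.
    public static IEnumerable<string> DescribeIdentities(ClaimsPrincipal user) =>
        user.Identities.Select((id, i) =>
            $"identity[{i}] type={id.AuthenticationType ?? "(none)"} claims={id.Claims.Count()}");

    // Claims (type=value) that are present on more than one identity.
    // These are what show up "twice" in ClaimsPrincipal.Claims.
    public static IEnumerable<string> ClaimsOnSeveralIdentities(ClaimsPrincipal user) =>
        user.Identities
            .SelectMany((id, i) => id.Claims
                .Select(c => new { Key = c.Type + "=" + c.Value, Identity = i })
                .Distinct())                 // count each identity once per claim
            .GroupBy(x => x.Key)
            .Where(g => g.Count() > 1)
            .Select(g => g.Key);

    // Constructed sample claims standing in for what the identity server returns.
    private static Claim[] SampleClaims() =>
        new[] { new Claim("sub", "123"), new Claim("name", "alice") };

    public static void Main()
    {
        // First identity: as restored by the cookie middleware (label is constructed).
        var user = new ClaimsPrincipal(new ClaimsIdentity(SampleClaims(), "Cookies"));
        // Second identity: as added by a second middleware that also
        // authenticates automatically (label is constructed).
        user.AddIdentity(new ClaimsIdentity(SampleClaims(), "OpenIdConnect"));

        // ClaimsPrincipal.Claims concatenates the claims of every identity.
        Console.WriteLine($"User.Claims count: {user.Claims.Count()}");
        foreach (var line in DescribeIdentities(user))
            Console.WriteLine(line);
        foreach (var dup in ClaimsOnSeveralIdentities(user))
            Console.WriteLine($"on several identities: {dup}");
    }
}
```

Calling `DescribeIdentities(User)` from a controller action shows whether the principal carries more than one identity before and after changing the middleware options.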