
I am trying to use Microsoft Account as an external login with IdentityServer4. I configured my app under the Microsoft Application portal as needed: I added a web platform and added "email" under Delegated Permissions to be able to read it. Here is my code to access Microsoft Account:

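    services.AddAuthentication()
        // Register Microsoft Account as an external identity provider
        .AddMicrosoftAccount("MicrosoftAccount", options =>
        {
            // The external sign-in result is stored in IdentityServer's external cookie
            options.SignInScheme = IdentityServerConstants.ExternalCookieAuthenticationScheme;

            options.ClientId = "ClientId";
            options.ClientSecret = "ClientSecret";
            options.Scope.Add("openid");
            options.Scope.Add("email");
        });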

When I run the application everything works fine, and after the user enters his username and password a confirmation message appears to grant my app permission to access the email address. But when I checked the retrieved claims inside a custom ProfileService using context.Subject.Claims, I did not find any claim that contains the email address. Any help on how I can get it?

Here is a sample of code that shows how I access the claims inside the GetProfileDataAsync method:

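    public Task GetProfileDataAsync(ProfileDataRequestContext context)
    {
        var claims = context.Subject.Claims;   // => there is no claim for the email address

        // Issue only the claims the client actually requested
        claims = claims.Where(claim => context.RequestedClaimTypes.Contains(claim.Type)).ToList();
        context.IssuedClaims = claims.ToList();

        // Nothing is awaited here, so return a completed task instead of marking the method async
        return Task.CompletedTask;
    }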

Based on @serpent5's advice, I wrote sample code to show the problem and uploaded it to GitHub.

The sample code contains 3 projects:

  • Fiver.Security.AuthServer (Identity Server)
  • Fiver.Security.AuthServer.Client (client)
  • Fiver.Security.AuthServer.Api (secured API the client wants to access)

I took the original code from this article:

https://www.codeproject.com/Articles/1205745/Identity-Server-with-ASP-NET-Core

As I said above, the problem is that I added the email as a scope but it is not returned as a claim from Microsoft Account after logging in.

Mtaraby
  • According to the [docs](http://docs.identityserver.io/en/release/reference/profileservice.html), the `Claims` on `Subject` will have been populated *from the user’s cookie*. How are you issuing said cookie? Are you using ASP.NET Core Identity or doing it yourself, for example? – Kirk Larkin Nov 18 '17 at 21:39
  • Thanks for your help. I am not using any custom code to handle the cookie creation. – Mtaraby Nov 19 '17 at 06:53
  • It's hard to tell from the information you've provided what the issue is. Can you see if the email-address has been correctly set on the User itself? I'm assuming you *are* using ASP.NET Core Identity for managing your users and signing them in - If you're not, please explain more. – Kirk Larkin Nov 19 '17 at 15:11
  • Yes, I am using ASP.NET Core Identity for managing the users, but I think the problem is not related to how I am managing the users. The problem is that I am not able to get a claim from Microsoft Account that contains the email address that the user used to log in. The only claims that I got are sub, auth_time, name, idp, and amr, and nothing about the email address. – Mtaraby Nov 19 '17 at 17:50
  • Are you able to provide an [MCVE](https://stackoverflow.com/help/mcve) and host in e.g. GitHub? I'd be happy to take a look and let you know where your problem is. – Kirk Larkin Nov 19 '17 at 17:52
  • Thank you a lot for your help, I uploaded the code as requested. – Mtaraby Nov 19 '17 at 21:47
  • Using your example, I can see that the `emailaddress` claim comes back successfully from Microsoft, but does not appear in the `Subject` property, as you said. I believe this is due to code [here](https://github.com/Mtaraby/IdentityServerWithMicrosoftAccount/blob/master/Fiver.Security.AuthServer/Quickstart/Account/AccountController.cs#L262), which doesn't look at said claim when issuing the cookie. – Kirk Larkin Nov 20 '17 at 11:08
  • I reviewed the code again, and yes, you are right: the issue was in the piece of code you mentioned above. I added the emailAddress as an additional claim and that solved the issue. Thank you and thanks for your help. – Mtaraby Nov 20 '17 at 12:58

0 Answers
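The fix described in the last two comments, sketched as an added example (not code from the linked repository or from either commenter): when the local cookie is issued after the external sign-in, copy the email claim across from an explicit allow-list instead of forwarding everything the provider returned. It assumes the `emailaddress` claim mentioned above is the standard `ClaimTypes.Email` URI and that the client requests the `email` claim type; `ExternalClaimMapper` and `GetAdditionalClaims` are hypothetical names.

```csharp
using System;
using System.Collections.Generic;
using System.Linq;
using System.Security.Claims;

public static class ExternalClaimMapper
{
    // Allow-list: external claim type -> claim type stored in the local cookie.
    // "email" is the JWT claim name; that the client requests it is an assumption.
    private static readonly Dictionary<string, string> Forwarded =
        new Dictionary<string, string>
        {
            [ClaimTypes.Email] = "email"
        };

    // Returns the extra claims to pass along when the local cookie is issued.
    // Claims that are not on the allow-list are dropped on purpose.
    public static List<Claim> GetAdditionalClaims(ClaimsPrincipal externalUser)
    {
        var result = new List<Claim>();
        foreach (var claim in externalUser.Claims)
        {
            if (Forwarded.TryGetValue(claim.Type, out var localType)
                && !string.IsNullOrWhiteSpace(claim.Value)
                && !result.Any(c => c.Type == localType))
            {
                result.Add(new Claim(localType, claim.Value));
            }
        }
        return result;
    }

    public static void Main()
    {
        // Constructed sample of what the external cookie could hold after sign-in.
        var external = new ClaimsPrincipal(new ClaimsIdentity(new[]
        {
            new Claim(ClaimTypes.NameIdentifier, "constructed-id-123"),
            new Claim(ClaimTypes.Name, "Sample User"),
            new Claim(ClaimTypes.Email, "user@example.com")
        }, "MicrosoftAccount"));

        foreach (var c in GetAdditionalClaims(external))
            Console.WriteLine($"{c.Type} = {c.Value}");   // email = user@example.com
    }
}
```

Renaming the claim to `email` matters because the `GetProfileDataAsync` shown in the question keeps only claims whose type appears in `context.RequestedClaimTypes`; a claim left under the long `emailaddress` URI would reach `Subject` but still be filtered out there.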