For example, a client sends requests for an access token with the additional field location: USA. Where can I store that field, which would then be passed back to my server from a client? I mean, that field must be present in all requests, but certain values can differ.

Example request:

POST /connect/token

formData: {
  client_id: 'some_id',
  client_secret: 'some_secret',
  grant_type: 'client_credentials',
  scope: 'some_scope',
  location: 'USA' 
}

Response:

{
  "access_token": "",
  "expires_in": 43200,
  "token_type": "Bearer"
}

Payload of the decoded token:

{
  "nbf": 1517821102,
  "exp": 1517864302,
  "iss": "",
  "aud": [],
  "client_id": "some_id",
  "scope": [ "some_scope" ],
  "location": "USA"
}

I am using IdentityServer 4 on ASP.NET Core.

Yurii N.
  • What do you mean by 'certain values can differ'? –  Feb 05 '18 at 16:48
  • @RuardvanElburg I mean that location can be not only USA, but e.g. other countries. – Yurii N. Feb 05 '18 at 19:42
  • If the location is fixed per client then you can add this as a claim in the ClientClaims table. –  Feb 05 '18 at 21:24
  • @RuardvanElburg that's the problem, location isn't fixed, client can choose any location from the list presented. – Yurii N. Feb 06 '18 at 09:09
  • How can the client choose, as this is an automated process? And why would it change? If some user interaction is involved you may not be using the right flow. In any case it seems that this information shouldn't be part of the token but should rather be sent as a parameter on each query. Values that can change frequently shouldn't be stored in the token. –  Feb 06 '18 at 09:30
  • @RuardvanElburg Imagine a situation where a user chooses a location at the start of his experience with the app, then the location is stored; he doesn't need to change it frequently, maybe once a year at best. But that doesn't cancel the requirement of saving the location. – Yurii N. Feb 06 '18 at 11:20

1 Answer

You should be able to implement a custom IProfileService and set the IssuedClaims property of the ProfileDataRequestContext. This should enable you to send custom claims within the access token. See the documentation for more info.

Martin Zikmund
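
A sketch of the IProfileService approach described in the answer, added here as an example; it is not the answerer's or IdentityServer's own code. It assumes the token is issued for a signed-in user (so `context.Subject` is set) and that the location the user picked is kept in a hypothetical `ILocationStore`; the allow-list values are constructed.

```csharp
using System;
using System.Collections.Generic;
using System.Security.Claims;
using System.Threading.Tasks;
using IdentityServer4.Extensions;
using IdentityServer4.Models;
using IdentityServer4.Services;

// Hypothetical store holding the location each user picked (not an IdentityServer type).
public interface ILocationStore
{
    Task<string> FindLocationAsync(string subjectId);
}

public class LocationProfileService : IProfileService
{
    // Constructed allow-list: only these values are ever written into a token.
    private static readonly HashSet<string> AllowedLocations =
        new HashSet<string>(StringComparer.OrdinalIgnoreCase) { "USA", "Canada", "Germany" };

    private readonly ILocationStore _locations;

    public LocationProfileService(ILocationStore locations) => _locations = locations;

    public async Task GetProfileDataAsync(ProfileDataRequestContext context)
    {
        var subjectId = context.Subject.GetSubjectId();
        var location = await _locations.FindLocationAsync(subjectId);

        // APIs will trust the signed claim, so validate the value before issuing it.
        if (location != null && AllowedLocations.Contains(location))
        {
            context.IssuedClaims.Add(new Claim("location", location));
        }
    }

    public Task IsActiveAsync(IsActiveContext context)
    {
        context.IsActive = true; // no account-disabling logic in this example
        return Task.CompletedTask;
    }
}

// Registration in Startup.ConfigureServices (MyLocationStore is hypothetical):
// services.AddSingleton<ILocationStore, MyLocationStore>();
// services.AddIdentityServer().AddProfileService<LocationProfileService>();
```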