I'm struggling a bit with deciding the best ways to augment a ClaimsPrincipal/ClaimsIdentity. I can add a new identity or modify claims on the provided identity. I could clone or just modify the principal. I can do these changes in OnTokenValidated or in an IClaimsTransformation method. For example, I want to read the userinfo claims and add them to an identity. I can create a new identity, but then I need to worry that a given claim already existed on the original principal. I might also check to see if some roles defined in a config file are on the identity I want to set them as administrator.
- Does it really matter if I do this logic in AddJwtBearer vs IClaimsTransformation?
- Does it really matter if I edit-in-place the principal/identity, or do I need to just start from scratch? What's the cut-off for deciding one way or the other?
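
The clone-and-add-identity option from the question, sketched as an IClaimsTransformation; this is an added example, not part of the original post. The class name, the "config-admin" authentication type, the "Administrator" role value, and the reading that a principal holding any configured role should receive that role are assumptions made for illustration.

```csharp
using System;
using System.Collections.Generic;
using System.Linq;
using System.Security.Claims;
using System.Threading.Tasks;
using Microsoft.AspNetCore.Authentication;

// Added example, not code from the post. AdminRoleTransformation,
// "config-admin" and "Administrator" are hypothetical names.
public sealed class AdminRoleTransformation : IClaimsTransformation
{
    private const string AddedIdentityType = "config-admin";
    private const string AdminRole = "Administrator";
    private readonly HashSet<string> _adminRoles;

    // adminRoles: role values read from the config file (assumed input).
    public AdminRoleTransformation(IEnumerable<string> adminRoles) =>
        _adminRoles = new HashSet<string>(adminRoles, StringComparer.OrdinalIgnoreCase);

    public Task<ClaimsPrincipal> TransformAsync(ClaimsPrincipal principal)
    {
        // TransformAsync can run more than once for the same principal, so
        // return early if an earlier pass already attached our identity.
        if (principal.Identities.Any(i => i.AuthenticationType == AddedIdentityType))
            return Task.FromResult(principal);

        // Only role claims on authenticated identities count as input.
        bool hasConfiguredRole = principal.Identities
            .Where(i => i.IsAuthenticated)
            .SelectMany(i => i.FindAll(i.RoleClaimType))
            .Any(c => _adminRoles.Contains(c.Value));

        // Nothing to grant, or the role claim already exists: avoid duplicates.
        if (!hasConfiguredRole || principal.IsInRole(AdminRole))
            return Task.FromResult(principal);

        // Clone so the token-derived identity stays exactly as validated, and
        // keep locally granted claims in their own identity so their origin
        // is visible when an authorization decision is reviewed.
        ClaimsPrincipal clone = principal.Clone();
        var added = new ClaimsIdentity(AddedIdentityType, ClaimTypes.Name, ClaimTypes.Role);
        added.AddClaim(new Claim(ClaimTypes.Role, AdminRole));
        clone.AddIdentity(added);
        return Task.FromResult(clone);
    }
}
```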