Improvements in Claim Mapping in the ASP.NET Core 2.1 OpenID Connect Handler

Here I described the various layers of claim mappings going on when doing OpenID Connect with ASP.NET Core.

Based on our feedback, the ASP.NET team added another mapping option to reduce the amount of “magic” going on, and thus makes it less confusing to get the expected claims in your client applications.

The new mapping is called MapAllExcept which does exactly what you think it does – it maps all the claims except the ones you don’t care about, e.g.:

options.ClaimActions.MapAllExcept("iss""nbf""exp""aud""nonce""iat""c_hash");

This strips the protocol claims that you are not interested in, and all other claims get mapped forward (sample here). You still have to opt-out from the mapping to Microsoft proprietary claims – but well, we’ll get there eventually…

This entry was posted in ASP.NET Core, OpenID Connect, Uncategorized. Bookmark the permalink.

2 Responses to Improvements in Claim Mapping in the ASP.NET Core 2.1 OpenID Connect Handler

  1. Tim Maes says:

    Dear god, right on time! I was struggling with this yesterday. Thanks.

  2. Brian N Wells says:

    Good tip! Thanks, Dominick!

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out /  Change )

Google+ photo

You are commenting using your Google+ account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

Connecting to %s