Improvements in Claim Mapping in the ASP.NET Core 2.1 OpenID Connect Handler

Here I described the various layers of claim mappings going on when doing OpenID Connect with ASP.NET Core.

Based on our feedback, the ASP.NET team added another mapping option to reduce the amount of “magic” going on, making it less confusing to get the expected claims in your client applications.

The new mapping is called MapAllExcept which does exactly what you think it does – it maps all the claims except the ones you don’t care about, e.g.:

options.ClaimActions.MapAllExcept("iss", "nbf", "exp", "aud", "nonce", "iat", "c_hash");

This strips the protocol claims that you are not interested in, and all other claims get mapped forward (sample here). You still have to opt out of the mapping to Microsoft proprietary claims – but well, we’ll get there eventually…
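
To show where both settings live in a client, here is an added example (not the linked sample, and not code from the original post) of an ASP.NET Core 2.1 `Startup` that combines `MapAllExcept` with the opt-out from the Microsoft claim type mapping. The authority URL, client id, response type and the `Oidc:ClientSecret` configuration key are placeholders assumed for illustration.

```csharp
using System.IdentityModel.Tokens.Jwt;
using Microsoft.AspNetCore.Authentication;
using Microsoft.AspNetCore.Authentication.Cookies;
using Microsoft.AspNetCore.Authentication.OpenIdConnect;
using Microsoft.AspNetCore.Builder;
using Microsoft.Extensions.Configuration;
using Microsoft.Extensions.DependencyInjection;

public class Startup
{
    private readonly IConfiguration _config;
    public Startup(IConfiguration config) => _config = config;

    public void ConfigureServices(IServiceCollection services)
    {
        // Opt out of the JWT handler's mapping of short claim names
        // (sub, name, role, ...) to the long Microsoft claim type URIs.
        JwtSecurityTokenHandler.DefaultInboundClaimTypeMap.Clear();

        services.AddMvc();
        services.AddAuthentication(options =>
        {
            options.DefaultScheme = CookieAuthenticationDefaults.AuthenticationScheme;
            options.DefaultChallengeScheme = OpenIdConnectDefaults.AuthenticationScheme;
        })
        .AddCookie()
        .AddOpenIdConnect(options =>
        {
            options.Authority = "https://idp.example.com";        // placeholder
            options.ClientId = "mvc-client";                      // placeholder
            options.ClientSecret = _config["Oidc:ClientSecret"];  // hypothetical key
            options.ResponseType = "code id_token";               // assumed flow
            options.GetClaimsFromUserInfoEndpoint = true;

            // Map every claim forward except the protocol claims the
            // application has no use for after validation.
            options.ClaimActions.MapAllExcept(
                "iss", "nbf", "exp", "aud", "nonce", "iat", "c_hash");
        });
    }

    public void Configure(IApplicationBuilder app)
    {
        app.UseAuthentication();
        app.UseMvcWithDefaultRoute();
    }
}
```

With this in place, authorization code should check the short claim types (for example `sub`) rather than the `ClaimTypes` URI constants, since the inbound map that produced those URIs has been cleared.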


2 Responses to Improvements in Claim Mapping in the ASP.NET Core 2.1 OpenID Connect Handler

  1. Tim Maes says:

    Dear god, right on time! I was struggling with this yesterday. Thanks.

  2. Brian N Wells says:

    Good tip! Thanks, Dominick!
