Enrich Token Claims with ASP.NET Core
Often you need or want to add claims beyond what the token carries, whether that is the ID token or the access token. This is especially useful when the extra data (roles or permissions from your own database, tenant information, and so on) is not available, or not wanted in the token, at the time of token creation.
ASP.NET Core has an interface in the authentication pipeline for exactly this purpose: IClaimsTransformation (namespace Microsoft.AspNetCore.Authentication). It is invoked by the authentication service after the handler, for example the JWT bearer handler, has validated the token and built the ClaimsPrincipal. Note what that means: the transformation enriches the principal used for this request (HttpContext.User and every authorization decision made on it), not the token itself. A downstream service that receives the same bearer token will not see the added claims.
An implementation is picked up automatically once it has been registered with dependency injection:
services.AddScoped<IClaimsTransformation, AddCustomClaimsToIdentityTransformation>();
The authentication service resolves a single IClaimsTransformation, so if several are registered only the last registration is used; if you need several claim sources, combine them inside one implementation. Two further caveats: TransformAsync runs on every AuthenticateAsync call, which can be more than once per request, so keep it cheap (or cache the lookup) and idempotent, i.e. do not add the same claims a second time. And because the added claims are trusted by your authorization policies, the claim source must be one you control, not something derived from user-supplied request data.
The implementation itself is straightforward. The repository is injected through the constructor; IMyRepository and its GetAdditionalClaimsOfUser method are placeholders for your own claim source:
using System.Security.Claims;
using Microsoft.AspNetCore.Authentication;

public class AddCustomClaimsToIdentityTransformation : IClaimsTransformation
{
    private readonly IMyRepository _myRepository; // placeholder for your own claim source

    public AddCustomClaimsToIdentityTransformation(IMyRepository myRepository)
    {
        _myRepository = myRepository;
    }

    public async Task<ClaimsPrincipal> TransformAsync(ClaimsPrincipal principal)
    {
        // Work on a copy; the incoming principal may be cached and reused by the handler.
        ClaimsPrincipal clone = principal.Clone();
        if (clone.Identity is not ClaimsIdentity newIdentity) return principal;

        // support aad / ad / others, too: fall back from NameIdentifier to Name
        Claim? nameId = principal.Claims
            .FirstOrDefault(c => c.Type == ClaimTypes.NameIdentifier || c.Type == ClaimTypes.Name);
        if (nameId is null) return principal;

        // request data from your claim source, keyed by the claim value (the user id / name)
        var myClaimData = await _myRepository.GetAdditionalClaimsOfUser(nameId.Value).ConfigureAwait(false);
        foreach (var customClaim in myClaimData)
        {
            newIdentity.AddClaim(new(customClaim.Type, customClaim.Value));
        }
        return clone;
    }
}
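To show the registration and the transformation working end to end, here is an added example that is not from the original post: a minimal API that validates a bearer token, enriches the principal from a hypothetical IPermissionStore (with a constructed in-memory implementation and sample subjects), guards against TransformAsync running twice with a marker claim, and gates an endpoint on a claim the token never contained. It assumes the Microsoft.AspNetCore.Authentication.JwtBearer package, the Web SDK's implicit usings, and the configuration keys Jwt:Authority and Jwt:Audience; the claim types "permission" and "permissions_loaded" and the policy name "CanExport" are chosen for the example.

```csharp
// Added example, not the original post's code. Hypothetical pieces: IPermissionStore,
// InMemoryPermissionStore, the "permission"/"permissions_loaded" claim types, the
// "CanExport" policy and the Jwt:* configuration keys.
using System.Linq;
using System.Security.Claims;
using Microsoft.AspNetCore.Authentication;
using Microsoft.AspNetCore.Authentication.JwtBearer;

var builder = WebApplication.CreateBuilder(args);

// The bearer handler validates the token; the transformation runs only after that succeeds.
builder.Services
    .AddAuthentication(JwtBearerDefaults.AuthenticationScheme)
    .AddJwtBearer(options =>
    {
        options.Authority = builder.Configuration["Jwt:Authority"]; // assumed config key
        options.Audience = builder.Configuration["Jwt:Audience"];   // assumed config key
    });

// Authorization evaluates the transformed principal, so a policy can require
// a claim that was never inside the token.
builder.Services.AddAuthorization(options =>
    options.AddPolicy("CanExport", policy => policy.RequireClaim("permission", "export")));

builder.Services.AddSingleton<IPermissionStore, InMemoryPermissionStore>();
// Only one IClaimsTransformation is resolved by the authentication service: register exactly one.
builder.Services.AddTransient<IClaimsTransformation, PermissionClaimsTransformation>();

var app = builder.Build();
app.UseAuthentication();
app.UseAuthorization();

// Returns the enriched permissions; unauthorized without the "export" permission.
app.MapGet("/export", (ClaimsPrincipal user) =>
        Results.Ok(user.FindAll("permission").Select(c => c.Value)))
    .RequireAuthorization("CanExport");

app.Run();

public interface IPermissionStore
{
    Task<IReadOnlyList<string>> GetPermissionsAsync(string subject, CancellationToken ct = default);
}

public sealed class InMemoryPermissionStore : IPermissionStore
{
    // Constructed sample data: subject identifier -> permissions. Real code reads a database.
    private static readonly Dictionary<string, string[]> Data = new()
    {
        ["user-123"] = new[] { "export", "read" },
        ["user-456"] = new[] { "read" },
    };

    public Task<IReadOnlyList<string>> GetPermissionsAsync(string subject, CancellationToken ct = default) =>
        Task.FromResult<IReadOnlyList<string>>(
            Data.TryGetValue(subject, out var permissions) ? permissions : Array.Empty<string>());
}

public sealed class PermissionClaimsTransformation : IClaimsTransformation
{
    private const string MarkerClaimType = "permissions_loaded"; // hypothetical marker claim
    private readonly IPermissionStore _store;

    public PermissionClaimsTransformation(IPermissionStore store) => _store = store;

    public async Task<ClaimsPrincipal> TransformAsync(ClaimsPrincipal principal)
    {
        // TransformAsync can run more than once per request (once per AuthenticateAsync call),
        // so bail out if this principal was already enriched instead of duplicating claims.
        if (principal.HasClaim(c => c.Type == MarkerClaimType))
            return principal;

        // Never enrich an anonymous principal.
        if (principal.Identity is not { IsAuthenticated: true })
            return principal;

        // Key the lookup on a claim the token issuer set, never on request data.
        var subject = principal.FindFirst(ClaimTypes.NameIdentifier)?.Value
                      ?? principal.FindFirst("sub")?.Value;
        if (subject is null)
            return principal;

        var permissions = await _store.GetPermissionsAsync(subject);

        // Work on a clone so the handler's own principal instance is not mutated.
        var clone = principal.Clone();
        var identity = (ClaimsIdentity)clone.Identity!;
        foreach (var permission in permissions)
            identity.AddClaim(new Claim("permission", permission, ClaimValueTypes.String, "PermissionStore"));
        identity.AddClaim(new Claim(MarkerClaimType, "true"));
        return clone;
    }
}
```

With a valid token whose subject is user-123, GET /export returns ["export","read"]; with user-456 the same token validates but the CanExport policy fails with 403, because the "permission" claim is added by the transformation and decided by the policy, not by the token issuer. The issuer argument on the added claims ("PermissionStore") makes it visible in logs and in the principal which claims came from the token and which were added locally.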