Custom claims in ASP.NET Core 2 web app

lisasmith · March 21, 2019, 6:31pm

I have code based on the sample https://github.com/okta/samples-aspnetcore/tree/master/okta-hosted-login. I would like to add custom claims to the ClaimsPrincipal and have them persisted in the auth cookie. Is there an event hook in the authentication process where I can do this?

I’ve seen the example using IClaimsTransformation, but that transformation happens on each request. I only want to perform the logic once when the user logs in.

I’ve seen examples using OpenId Connect where there is an OnTokenValidated event, but I don’t see how to integrate that into this okta code.

jsebring · September 6, 2019, 1:33am

This is old enough OP may not benefit. But I ran into the same problem where some profile info doesn’t make it into the User. The following modifications worked for me and does only run on initial login. Hopefully this saves others time…

.AddOktaMvc(new OktaMvcOptions()
            {
                OktaDomain = Configuration.GetValue<string>("Okta:OktaDomain"),
                ClientId = Configuration.GetValue<string>("Okta:ClientId"),
                ClientSecret = _oktaClientSecret,
                Scope = new List<string> { "openid", "profile", "email" },

                OnTokenValidated = async ctx =>
                {
                    var user = ctx.Principal;                    
                    var email = user.Claims.FirstOrDefault(claim => claim.Type == "email").Value;

                    var okta = ctx.HttpContext.RequestServices.GetRequiredService<IOktaClient>();
                    var oktaUser = await okta.Users.GetUserAsync(email);
                    var org = oktaUser.Profile.GetProperty<string>("organization");

                    var claims = new List<Claim> { new Claim("organization", org) };
                    user.AddIdentity(new ClaimsIdentity(claims));                    
                }
            })

bcarinci · October 16, 2019, 2:05pm

Is this possible in the .AddOpenIdConnect portion within Startup.cs?

I have my .net core 2.2 app logging in directly without a sign-in screen, but I wanted to add a couple custom claims pulled from a database table.

system · January 18, 2024, 12:22am

This topic was automatically closed 24 hours after the last reply. New replies are no longer allowed.

Post		Replies	Views
How to work with Custom Claims Questions	2	3742	November 23, 2020
Access custom claim in ASP.NET Core OAuth/OIDC dotnet	23	14755	April 18, 2018
Claims Present In Web App But Not In API App API dotnet , api	1	3921	February 12, 2024
How to include user specific custom claim in client credentials token OAuth/OIDC	2	1446	February 11, 2024
Get custom claims from access token while login to Okta via IdP using SAML2 Questions	4	3427	February 10, 2024

Custom claims in ASP.NET Core 2 web app

Related topics