IdentityServer3.Admin

IdentityServer.Admin data model does not allow specifying Claim value type

Open brat000012001 opened this issue 9 years ago • 2 comments

Hi,

A question/suggestion about claim value types. Some resource providers expect the claim values to be integers, bools or strings. It seems that neither IdentityManager.EF nor IdentityServer.Admin.EF has support for claim value types (see IdentityServer3.Admin/source/Core/Core/Client/ClientClaimValue.cs, IdentityManager/source/Core/Core/ClaimValue.cs). Is that something that you guys have thought of adding in the future? Thx

brat000012001, Jun 03 '16 16:06

I think that the .NET claims and JWT tokens only support string types. That is the main reason we don't use int or bool. @leastprivilege could you confirm? :) ty

iBoonz, Jun 04 '16 08:06

@iBoonz: one of the constructor overloads of System.Security.Claims.Claim takes a claim value type. Since JWT is a JSON object, it supports JSON basic types. For example, the following code correctly serializes the claim "tenant_id" as an integer:

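class MyClaimsProvider : DefaultClaimsProvider
{
   public override async Task<IEnumerable<Claim>> GetAccessTokenClaimsAsync(...) {
       // The base method returns a Task of IEnumerable<Claim>: await it and
       // copy the result into a list so that a claim can be appended.
       var claims = (await base.GetAccessTokenClaimsAsync(...)).ToList();
       // The third argument is the claim value type.
       claims.Add(new Claim("tenant_id", "3", ClaimValueTypes.Integer));
       return claims;
   }
}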

I searched through RFC 7519 but could not find anything related to the constraint you referred to. In fact, the spec says the opposite: "A claim value can be any JSON value". I am just going to assume that this is a missing feature, and given the lack of response the priority, if any, is low.

brat000012001, Jun 05 '16 14:06
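
To make the typing question in this thread concrete, the following added example (not code from the thread or from IdentityServer) shows how a claim's declared value type decides whether a resource provider receives `3` or `"3"` in the JWT payload, and rejects a value that does not match its declared type instead of emitting it as a string. It assumes .NET with System.Text.Json; the class name, the helper names and the claims other than "tenant_id" are constructed for illustration.

```csharp
using System;
using System.Collections.Generic;
using System.Globalization;
using System.Security.Claims;
using System.Text.Json;

static class TypedClaimPayload
{
    // Map one claim to a JSON-ready value; a value that does not parse as its declared type is rejected.
    static object ToJsonValue(Claim c)
    {
        switch (c.ValueType)
        {
            case ClaimValueTypes.Integer:
            case ClaimValueTypes.Integer64:
                if (long.TryParse(c.Value, NumberStyles.Integer, CultureInfo.InvariantCulture, out long n)) return n;
                break;
            case ClaimValueTypes.Boolean:
                if (bool.TryParse(c.Value, out bool b)) return b;
                break;
            default:
                return c.Value; // strings and unhandled types stay JSON strings
        }
        throw new FormatException($"Claim '{c.Type}' declares {c.ValueType} but has value '{c.Value}'.");
    }

    // Build the JWT payload JSON (unsigned; header and signature are out of scope here).
    public static string BuildPayload(IEnumerable<Claim> claims)
    {
        var payload = new Dictionary<string, object>();
        foreach (var c in claims)
        {
            object value = ToJsonValue(c);
            if (!payload.TryGetValue(c.Type, out object existing)) payload[c.Type] = value;
            else if (existing is List<object> list) list.Add(value);      // third or later value
            else payload[c.Type] = new List<object> { existing, value };  // second value: promote to array
        }
        return JsonSerializer.Serialize(payload);
    }

    static void Main() => Console.WriteLine(BuildPayload(new[]
    {   // constructed sample claims
        new Claim("tenant_id", "3", ClaimValueTypes.Integer),
        new Claim("tenant_id_untyped", "3"),
        new Claim("is_admin", "false", ClaimValueTypes.Boolean),
    }));
}
```

A store that keeps only the claim type and value has to reconstruct every claim with the default string value type, so the typed and untyped "3" above become indistinguishable after a round trip through it.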