Adding new Claims after authentication

I have the following environment

  • IdentityServer 4 (STS)
  • ASP.NET (Web API)
  • Angular (SPA)

My goal is that after authentication in IS4, the user will be returned to the SPA application and also there will be an additional request to the Web API, to provide additional Claims. The values of these Claims will depend on what is currently in the database to which the Web API is connected. I need these Claims in future to allow access to certain APIs.

I know that this can be done through ProfileService. But in this case IS4 should be a part of Web API (which I can't do by requirement).

How should I do it right?

I had an idea to create in my Web API a new endpoint, which will return a set of Claims. And these Claims I will store on the SPA side of the application in localstorage. But this doesn't seem very safe to me, because anyone can change these Claims.
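
The concern raised in the question, that claims kept in localStorage can be edited by anyone, matters only if the Web API trusts the browser's copy. The following is an added example, not part of the original post: the Web API rebuilds its own claims on each request from the validated token's `sub` and its database, so anything stored in the SPA is for display only. The `permission` claim type, the `Enrich` function and the in-memory dictionary standing in for the database are hypothetical.

```csharp
using System;
using System.Collections.Generic;
using System.Linq;
using System.Security.Claims;

// Constructed stand-in for the Web API's database: permissions keyed by the token's "sub".
var permissionsBySubject = new Dictionary<string, string[]>
{
    ["alice-sub"] = new[] { "orders.read", "orders.write" },
    ["bob-sub"]   = new[] { "orders.read" },
};

// Rebuild the API-owned claims from the validated token's subject.
// Any "permission" claim already present is discarded, so nothing the SPA
// stored or sent can grant access; only the database lookup can.
ClaimsPrincipal Enrich(ClaimsPrincipal validated)
{
    var sub = validated.FindFirst("sub")?.Value;
    if (sub is null)
        return new ClaimsPrincipal(new ClaimsIdentity()); // no subject: unauthenticated

    var claims = validated.Claims.Where(c => c.Type != "permission").ToList();
    if (permissionsBySubject.TryGetValue(sub, out var perms))
        claims.AddRange(perms.Select(p => new Claim("permission", p)));

    return new ClaimsPrincipal(new ClaimsIdentity(claims, "Bearer"));
}

// Constructed principal for bob, carrying a permission claim that did not
// come from the database, to show that it does not survive enrichment.
var bob = new ClaimsPrincipal(new ClaimsIdentity(new[]
{
    new Claim("sub", "bob-sub"),
    new Claim("permission", "orders.write"), // not issued by the API
}, "Bearer"));

var enriched = Enrich(bob);
Console.WriteLine(enriched.HasClaim("permission", "orders.read"));
Console.WriteLine(enriched.HasClaim("permission", "orders.write"));
```

If the Web API is ASP.NET Core (an assumption; the question only says ASP.NET), the same logic can live in an `IClaimsTransformation.TransformAsync` implementation so it runs after token validation on every request.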



Sources

This article follows the attribution requirements of Stack Overflow and is licensed under CC BY-SA 3.0.

Source: Stack Overflow
