Add custom claims to access token in IdentityServer4

All identity providers are flexible and allow you to add custom claims to the issued access token. IdentityServer4 is no different. Here is a short guide on how to add custom claims to the IdentityServer4 access token response.

You need to implement a ProfileService:

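public class ProfileService : IProfileService
{
	// ApplicationUser is an assumed name for the app's Identity user type; the excerpt omits the constructor parameters.
	private readonly UserManager<ApplicationUser> _userManager;

	public ProfileService(UserManager<ApplicationUser> userManager)
	{
		_userManager = userManager;
	}

	public async Task GetProfileDataAsync(ProfileDataRequestContext context)
	{
		// Load the user the token is being issued for.
		var user = await _userManager.GetUserAsync(context.Subject);

		var claims = new List<Claim>
		{
			new Claim("custom_claim1", user.CustomClaim1),
…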

Issue access token to IdentityServer 4 from IdentityServer 4

Sometimes IdentityServer 4 needs to interact with other services and get information from them. In many cases the same IdentityServer instance is the one that authorizes access to those other services. We need to issue an access token to ourselves in order to get/post the necessary information.

In my case I needed to create a corresponding object in another service on new user registration. To get the access token needed I have used IdentityServerTools …


Fix "Unable to unprotect the message.State." exception on Identity Server redirect

After fixing the 502 Bad Gateway issue I hit another one.

Here is the exception I have from the logs:

HTTP POST /signin-oidc responded 500 in 77.6515 ms

System.Exception: An error was encountered while handling the remote login.
 ---> System.Exception: Unable to unprotect the message.State.
   --- End of inner exception stack trace ---
   at Microsoft.AspNetCore.Authentication.RemoteAuthenticationHandler`1.HandleRequestAsync()
   at Microsoft.AspNetCore.Authentication.AuthenticationMiddleware.Invoke(HttpContext context)
   at Serilog.AspNetCore.RequestLoggingMiddleware.Invoke(HttpContext httpContext)
   at Microsoft.AspNetCore.Diagnostics.ExceptionHandlerMiddleware.<Invoke>g__Awaited|6_0(ExceptionHandlerMiddleware middleware, HttpContext context, Task task)

As mentioned in the previous post – when I run from Visual …


Solve identity server signin-oidc 502 Bad Gateway error

It was time to run the Identity Server 4 with the rest of the microservices in the Kubernetes cluster on a dedicated machine. I am running a single-node cluster, since this is not production, but just one of my pet projects and it is running locally. Still, it is going through one more Nginx (on top of the Kubernetes ingress) used to expose it over the internet and create the certificates through Let's Encrypt.

When I run the Identity Server 4 …
