owin - Can IdentityServer return claims as part of authenticate request
I am implementing WS-Fed authentication using the WsFederation plugin on top of Thinktecture IdentityServer. I have my own UserService with the AuthenticateLocalAsync method implemented as below:
public async Task<AuthenticateResult> AuthenticateLocalAsync(string username, string password, SignInMessage message)
{
    // Authenticate the user against the application's own sign-in service
    var requestViewModel = new SignInRequestViewModel
    {
        EmailAddress = username,
        Password = password
    };
    var result = await signInApplicationService.SignInAsync(requestViewModel);
    var responseViewModel = result.ViewModel;

    // Build the claims from the sign-in response
    var claims = claimBuilder.GetClaims(responseViewModel);

    // Subject, display name and claims are returned to IdentityServer
    return new AuthenticateResult(
        responseViewModel.CustomerId.ToString(),
        string.Format("{0} {1}", responseViewModel.FirstName, responseViewModel.LastName),
        claims);
}
This method is called when the login event is triggered. I can see it authenticates users against my own database repository, and the result is built into a claims object referenced in the AuthenticateResult object and returned back.
So I thought the claims should be available on the client, with no need to make a further request, but it makes a second request: the GetProfileDataAsync method is called, and based on the document:
"This method is called whenever claims about the user are requested (e.g. during token creation or via the userinfo endpoint)"
Which is kind of making sense, but does that mean I need to call the database again to retrieve the customer data again, and rebuild the claims the same as I did in the AuthenticateLocalAsync method?
If so, what's the point of passing claims in the first authenticate method?
Can anyone explain, please?
Thanks,
Ming
The call to GetProfileDataAsync has the ClaimsPrincipal. The claims you put there in the authentication stage should be on the principal. No need for a DB roundtrip.
If the claims are not found there, it is a bug and you should open an issue on the issue tracker.
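An added example, not part of the original answer or of IdentityServer's own code: one way a GetProfileDataAsync implementation could serve claims straight from the principal, filtered to the requested types, without a database call. The helper name ProfileClaims.FromPrincipal, the sample claim values, and the treatment of a null filter as "return everything" are assumptions.

```csharp
using System;
using System.Collections.Generic;
using System.Linq;
using System.Security.Claims;

public static class ProfileClaims
{
    // Hypothetical helper: returns the claims already carried by the principal,
    // narrowed to the requested claim types. No database call is made.
    public static IEnumerable<Claim> FromPrincipal(
        ClaimsPrincipal subject, IEnumerable<string> requestedClaimTypes = null)
    {
        if (subject == null) throw new ArgumentNullException(nameof(subject));

        // Assumption: a null filter means the caller wants every claim.
        if (requestedClaimTypes == null)
            return subject.Claims.ToList();

        var wanted = new HashSet<string>(requestedClaimTypes, StringComparer.Ordinal);
        return subject.Claims.Where(c => wanted.Contains(c.Type)).ToList();
    }
}

public static class Demo
{
    public static void Main()
    {
        // Constructed sample: stands in for the principal that carries the
        // claims passed to AuthenticateResult at login.
        var identity = new ClaimsIdentity(new[]
        {
            new Claim("sub", "42"),
            new Claim("given_name", "Ada"),
            new Claim("family_name", "Lovelace"),
            new Claim("role", "customer"),
        }, "constructed-sample");
        var subject = new ClaimsPrincipal(identity);

        // Only the requested types are released to the token or userinfo response.
        foreach (var c in ProfileClaims.FromPrincipal(subject, new[] { "given_name", "role" }))
            Console.WriteLine($"{c.Type} = {c.Value}");
    }
}
```

Inside a user service, GetProfileDataAsync would wrap the helper's result in Task.FromResult. The claims on the principal reflect the user's state at login, so anything that must be current at token issuance, such as a revoked role, still needs a fresh lookup.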