asp.net-core, jwt

"given_name" not being mapped to claims from JWT in ASP.NET Core 8 application


My ASP.NET Core 8 application gets a token from Azure B2C. I take that token and plug it into https://jwt.io/ and I can clearly see the given_name item in the JSON.

However, my identity does not have a given_name claim. Instead it has a http://schemas.xmlsoap.org/ws/2005/05/identity/claims/givenname claim.

Things I have already tried:

  1. JwtSecurityTokenHandler.DefaultInboundClaimTypeMap.Clear();

  2. options.ClaimActions.Remove("given_name");

What else could the problem be? When I debug in VS and I open the token in QuickWatch with the JWT decode option, I do see given_name, but that is not what shows up in the final claims.

Also, I see this line of code in MS's framework, so they are definitely monkeying with this particular claim, but I don't see how it is getting renamed.

ClaimActions.MapUniqueJsonKey("given_name", "given_name");

https://github.com/dotnet/aspnetcore/blob/8d559c6c1a1d006807978310d2e685f53082dd8f/src/Security/Authentication/OpenIdConnect/src/OpenIdConnectOptions.cs#L63-L68


Solution

  • Thank you to @mndbuhl for pointing me at the solution in another post. I went with setting MapInboundClaims to false to give back all of the original claim names.

    https://stackoverflow.com/a/79012024/4194514

    builder.Services
        .AddAuthentication()
        .AddOpenIdConnect(options =>
        {
            // your configuration
    
            options.MapInboundClaims = false;
        });
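The following is an added, stand-alone example (not code from the question or the answer) showing the mechanism behind the fix. In .NET 8 the OpenID Connect and JWT bearer handlers validate tokens with Microsoft.IdentityModel.JsonWebTokens.JsonWebTokenHandler rather than the older JwtSecurityTokenHandler, which is why clearing JwtSecurityTokenHandler.DefaultInboundClaimTypeMap changes nothing; options.MapInboundClaims is passed through to that handler. The console program below mints a token containing given_name with a constructed symmetric key (B2C actually signs with RSA keys published in its metadata), then validates it twice, once with MapInboundClaims = true and once with false, and prints the claim types each run produces. The package reference (Microsoft.IdentityModel.JsonWebTokens 7.x or 8.x), the issuer, audience and claim values are assumptions made for the example.

```csharp
using System;
using System.Collections.Generic;
using System.Security.Claims;
using System.Security.Cryptography;
using System.Threading.Tasks;
using Microsoft.IdentityModel.JsonWebTokens;
using Microsoft.IdentityModel.Tokens;

// Added example: requires the Microsoft.IdentityModel.JsonWebTokens NuGet package (assumption).
class ClaimMappingDemo
{
    static async Task Main()
    {
        // Constructed 256-bit HMAC key for the demo only; a real B2C token is RSA-signed
        // with keys fetched from the tenant's OIDC discovery document.
        var key = new SymmetricSecurityKey(RandomNumberGenerator.GetBytes(32));

        var descriptor = new SecurityTokenDescriptor
        {
            Issuer = "https://example.b2clogin.com/example/v2.0/",   // assumed value
            Audience = "api://example",                              // assumed value
            Expires = DateTime.UtcNow.AddMinutes(5),
            Claims = new Dictionary<string, object>
            {
                ["given_name"] = "Ada",      // the claim the question is about
                ["sub"] = "1234567890",      // also renamed by the default map (to nameidentifier)
            },
            SigningCredentials = new SigningCredentials(key, SecurityAlgorithms.HmacSha256),
        };

        var handler = new JsonWebTokenHandler();
        string jwt = handler.CreateToken(descriptor);

        var validation = new TokenValidationParameters
        {
            ValidIssuer = descriptor.Issuer,
            ValidAudience = descriptor.Audience,
            IssuerSigningKey = key,
        };

        // Same token, same handler; only the inbound claim mapping switch differs.
        foreach (bool map in new[] { true, false })
        {
            handler.MapInboundClaims = map;

            TokenValidationResult result = await handler.ValidateTokenAsync(jwt, validation);
            if (!result.IsValid)
                throw new InvalidOperationException("token validation failed", result.Exception);

            Console.WriteLine($"MapInboundClaims = {map}");
            foreach (Claim claim in result.ClaimsIdentity.Claims)
                Console.WriteLine($"  {claim.Type} = {claim.Value}");

            // With mapping on, the identity carries ClaimTypes.GivenName
            // (http://schemas.xmlsoap.org/ws/2005/05/identity/claims/givenname);
            // with mapping off, it carries the raw JWT name "given_name".
            string found = result.ClaimsIdentity.FindFirst(map ? ClaimTypes.GivenName : "given_name")?.Value
                           ?? "<missing>";
            Console.WriteLine($"  lookup -> {found}");
            Console.WriteLine();
        }
    }
}
```

The same switch is what options.MapInboundClaims = false flips inside AddOpenIdConnect (and inside AddJwtBearer for API projects): the framework hands the value to its JsonWebTokenHandler, so the identity keeps the short JWT claim names and User.FindFirst("given_name") works. Turning the map off affects every mapped claim at once, so code that previously looked up ClaimTypes.NameIdentifier or ClaimTypes.Email must be changed to "sub" and "email" as well.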