Lightrun
question-mark
Stuck on an issue?

Lightrun Answers was designed to reduce the constant googling that comes with debugging 3rd party libraries. It collects links to all the places you might be looking at while hunting down a tough bug.

And, if you’re still stuck at the end, we’re happy to hop on a call to see how we can help out.

[Bug] ClaimsPrincipalExtensions.GetNameIdentifierId uses utid instead of sub claim

See original GitHub issue

Which Version of Microsoft Identity Web are you using ? Note that to get help, you need to run the latest version. Microsoft Identity Web 0.1.3-preview https://github.com/AzureAD/microsoft-identity-web/blob/master/src/Microsoft.Identity.Web/ClaimsPrincipalExtensions.cs Where is the issue?

  • Web App
    • Sign-in users
    • Sign-in users and call web APIs
  • Web API
    • Protected web APIs (Validating tokens)
    • Protected web APIs (Validating scopes)
    • Protected web APIs call downstream web APIs
  • Token cache serialization
    • In Memory caches
    • Session caches
    • Distributed caches

Other? - please describe;

Is this a new or existing app?

Repro

        /// <summary>
        /// Gets the NameIdentifierId associated with the <see cref="ClaimsPrincipal"/>.
        /// </summary>
        /// <param name="claimsPrincipal">the <see cref="ClaimsPrincipal"/> from which to retrieve the sub claim.</param>
        /// <returns>Name identifier ID (sub) of the identity, or <c>null</c> if it cannot be found.</returns>
        public static string GetNameIdentifierId(this ClaimsPrincipal claimsPrincipal)
        {
            return claimsPrincipal.FindFirstValue(ClaimConstants.UniqueObjectIdentifier);
        }

Expected behavior As per documentation - this should be looking for SUB claim?

Actual behavior Uses

        /// <summary>
        /// UniqueObjectIdentifier: "utid".
        /// </summary>
        public const string UniqueObjectIdentifier = "utid";

Possible Solution

            return claimsPrincipal.FindFirstValue(ClaimConstants.Sub);

Issue Analytics

  • State:closed
  • Created 3 years ago
  • Comments:5 (1 by maintainers)

github_iconTop GitHub Comments

1reaction
pmaytakcommented, Jun 16, 2020
0reactions
jmprieurcommented, Jun 4, 2020

Thanks @felickz for your explanations

Read more comments on GitHub >

github_iconTop Results From Across the Web

ClaimsPrincipalExtensions.GetNameIdentifierId ...
The ClaimsPrincipal from which to retrieve the NameIdentifierId claim. Returns. String. Name identifier ID of the identity, or null if it cannot be...
Read more >
Why is ClaimTypes.NameIdentifier not mapping to 'sub'?
DefaultInboundClaimTypeMap.Clear(); just before the app.UseAuthentication() in the API startup. Use direct "sub" claim instead of ClaimThypes.
Read more >

github_iconTop Related Medium Post

No results found

github_iconTop Related StackOverflow Question

No results found

github_iconTroubleshoot Live Code

Lightrun enables developers to add logs, metrics and snapshots to live code - no restarts or redeploys required.
Start Free

github_iconTop Related Reddit Thread

No results found

github_iconTop Related Hackernoon Post

No results found

github_iconTop Related Tweet

No results found

github_iconTop Related Dev.to Post

No results found

github_iconTop Related Hashnode Post

No results found
Previous page

[Bug] Can't set SameSite=None for cross-site cookie use

Next page

[Bug] SecurityTokenInvalidIssuerException when using B2C Login with AAD as a federated IdP