[Bug] ClaimsPrincipalExtensions.GetNameIdentifierId uses utid instead of sub claim
Which Version of Microsoft Identity Web are you using? Note that to get help, you need to run the latest version.
Microsoft Identity Web 0.1.3-preview
https://github.com/AzureAD/microsoft-identity-web/blob/master/src/Microsoft.Identity.Web/ClaimsPrincipalExtensions.cs
Where is the issue?
- Web App
  - Sign-in users
  - Sign-in users and call web APIs
- Web API
  - Protected web APIs (Validating tokens)
  - Protected web APIs (Validating scopes)
  - Protected web APIs call downstream web APIs
- Token cache serialization
  - In Memory caches
  - Session caches
  - Distributed caches
Other? - please describe;
Is this a new or existing app?
Repro
/// <summary>
/// Gets the NameIdentifierId associated with the <see cref="ClaimsPrincipal"/>.
/// </summary>
/// <param name="claimsPrincipal">the <see cref="ClaimsPrincipal"/> from which to retrieve the sub claim.</param>
/// <returns>Name identifier ID (sub) of the identity, or <c>null</c> if it cannot be found.</returns>
public static string GetNameIdentifierId(this ClaimsPrincipal claimsPrincipal)
{
    return claimsPrincipal.FindFirstValue(ClaimConstants.UniqueObjectIdentifier);
}
Expected behavior
As per documentation - this should be looking for SUB claim?
Actual behavior
Uses
/// <summary>
/// UniqueObjectIdentifier: "utid".
/// </summary>
public const string UniqueObjectIdentifier = "utid";
Possible Solution
return claimsPrincipal.FindFirstValue(ClaimConstants.Sub);
Issue Analytics
- State:
- Created 3 years ago
- Comments:5 (1 by maintainers)
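The mismatch reported above, as an added example that is not part of the original issue or the project's code: a self-checking console program that compares the lookup as reported (`utid`) with the one proposed (`sub`). The `ClaimNames`, `Lookups`, `Make` and `Check` names and all claim values are assumptions, `FindFirst(...)?.Value` stands in for `FindFirstValue` so it compiles without ASP.NET Core, and two principals sharing one `utid` stand in for users of the same tenant.

```csharp
#nullable enable
using System;
using System.Security.Claims;

static class ClaimNames // hypothetical holder; values as quoted in the issue
{
    public const string UniqueObjectIdentifier = "utid";
    public const string Sub = "sub";
}

static class Lookups // hypothetical names for the two behaviours
{
    // As reported for 0.1.3-preview: reads the "utid" claim.
    public static string? Reported(ClaimsPrincipal p) =>
        p.FindFirst(ClaimNames.UniqueObjectIdentifier)?.Value;

    // As proposed in the issue: reads the "sub" claim.
    public static string? Proposed(ClaimsPrincipal p) =>
        p.FindFirst(ClaimNames.Sub)?.Value;
}

static class Program
{
    // Builds a constructed principal; every claim value here is made up.
    static ClaimsPrincipal Make(string sub, string? utid)
    {
        var id = new ClaimsIdentity("constructed");
        id.AddClaim(new Claim("sub", sub));
        if (utid != null) id.AddClaim(new Claim("utid", utid));
        return new ClaimsPrincipal(id);
    }

    static void Check(bool ok, string what)
    {
        if (!ok) throw new InvalidOperationException("check failed: " + what);
        Console.WriteLine("ok: " + what);
    }

    static void Main()
    {
        var alice = Make("sub-alice-0001", "utid-0000");
        var bob = Make("sub-bob-0002", "utid-0000"); // same utid, different sub
        var carol = Make("sub-carol-0003", null);    // token without utid
        Check(Lookups.Reported(alice) == Lookups.Reported(bob), "reported lookup returns one value for two users");
        Check(Lookups.Reported(carol) is null, "reported lookup is null without utid");
        Check(Lookups.Proposed(alice) != Lookups.Proposed(bob), "proposed lookup separates the two users");
        Check(Lookups.Proposed(carol) == "sub-carol-0003", "proposed lookup needs only sub");
    }
}
```

Code that keys a per-user cache entry or an authorization decision on this helper's return value is where the difference between the two lookups shows up, so a check of this shape is worth keeping as a regression test when upgrading.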
Top GitHub Comments
Fixed in Microsoft Identity Web 0.1.5-preview release.
cc: @felickz
Thanks @felickz for your explanations