Mardoxx Mardoxx - 4 years ago 221
ASP.NET (C#) Question

What is a ProfileService/When is a ProfileService executed?

I've been playing with IdentityServer4. Absolutely love it.

I've been going through the tutorials on your site, specifically https://identityserver4.readthedocs.io/en/release/quickstarts/7_javascript_client.html

I have created a Profile Service that does the following:

public class ProfileService : IProfileService
{
public Task GetProfileDataAsync(ProfileDataRequestContext context)
{
context.IssuedClaims.Add(new Claim("test-claim", "test-value"));
return Task.FromResult(0);
}

public Task IsActiveAsync(IsActiveContext context)
{
context.IsActive = true;

return Task.FromResult(0);
}
}


This works great, my custom claim is visible in the log window of my JS client.

I put a break point on it just to inspect what is in the context, and I noticed it was getting hit twice. The caller properties were
ClaimsProviderAccessToken
and
UserInfoEndpoint
respectively. Why is this?

In my naivety I removed the
profile
scope from my js client, and in oidc-js config also removed the profile scope, and set
loadUserInfo: false
yet my
ProfileService
it is still called twice.

If my end goal is to set claims based on parameters from a database, I really I don't want to be doing this operaion twice, do I? (Genuine question -- I don't know). A 'solution' would be to only set them on "ClaimsProviderAccessToken" but there is something telling me that there will be a reason ProfileServices get called twice and that there is some importance of it setting the claims on both runs through.

P.s. I think there is a typo here https://github.com/IdentityServer/IdentityServer4/blob/dev/docs/quickstarts/8_entity_framework.rst Should this not be "Microsoft.EntityFrameworkCore.Tools.DotNet" in the
tools
section? and not "Microsoft.EntityFrameworkCore.Tools" I felt it inappropriate to create a new issue for something so trivial, and not necessarily wrong!

Answer Source

The profile service is called whenever IdentityServer needs to return claims about a user to a client applications.

If you request an identity and access token - it will get called twice (since you might be putting different claims into each token type).

Recommended from our users: Dynamic Network Monitoring from WhatsUp Gold from IPSwitch. Free Download