I have a Cognito id token with an email claim.
..........
  "iat": 164456734,
  "jti": "81ac2634-e241-444f-88cf-eabf454644",
  "email": "[email protected]"
}
However, after ASP.NET Core JWT middleware authentication, the email claim is transformed from the email type to http://schemas.xmlsoap.org/ws/2005/05/identity/claims/emailaddress (ClaimTypes.Email in C#).
But then I read the token manually:
// Parses the token without validating it; claim types are left as they appear in the JWT
var token = new JwtSecurityTokenHandler().ReadJwtToken(jwtToken);
var claimsIdentity = new ClaimsIdentity(token.Claims);
var claimsPrincipal = new ClaimsPrincipal(claimsIdentity);
the claim type is not transformed and remains email.
Why is the claim transformed to http://schemas.xmlsoap.org/ws/2005/05/identity/claims/emailaddress in ASP.NET Core authentication?
Can I create the ClaimsPrincipal manually with this email claim transformation applied, without manually modifying the Claims list?
CodePudding user response:
It has in fact been understood as ClaimTypes.Email; however, the string returned by this property is http://schemas.xmlsoap.org/ws/2005/05/identity/claims/emailaddress (source).
The token is not transformed unless specifically done so; rather, it is parsed and understood as ClaimTypes.Email, with the actual token not modified.
CodePudding user response:
So, Microsoft and OpenID Connect have different opinions on what the email claim name should be, and to disable this remapping you can do either:
public void ConfigureServices(IServiceCollection services)
{
    // Option 1: By default, Microsoft has some legacy claim mapping that converts
    // standard JWT claims into proprietary ones. This removes those mappings
    // globally for every JwtSecurityTokenHandler.
    JwtSecurityTokenHandler.DefaultInboundClaimTypeMap.Clear();
    JwtSecurityTokenHandler.DefaultOutboundClaimTypeMap.Clear();

    // Option 2: Or set this flag to false on the bearer handler only
    services.AddAuthentication(JwtBearerDefaults.AuthenticationScheme)
        .AddJwtBearer(opt =>
        {
            ...
            opt.MapInboundClaims = false;
        });
}
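An added example (not code from the question or either answer) of the opposite direction the question asks about: building the principal the way the middleware does, so the email claim comes out as ClaimTypes.Email without touching the claims list. JwtSecurityTokenHandler.ValidateToken applies the inbound claim-type map and, unlike ReadJwtToken, also verifies the signature, issuer, audience and lifetime. The CognitoPrincipalFactory name, the issuer and audience placeholders and the caller-supplied signing keys are assumptions.

```csharp
using System.Collections.Generic;
using System.IdentityModel.Tokens.Jwt;
using System.Security.Claims;
using Microsoft.IdentityModel.Tokens;

// Hypothetical helper; not part of ASP.NET Core or the original answers.
public static class CognitoPrincipalFactory
{
    // Placeholders: the user pool issuer and the app client id of the id token.
    private const string Issuer = "https://cognito-idp.<REGION>.amazonaws.com/<POOL_ID>";
    private const string Audience = "<APP_CLIENT_ID>";

    // Returns a ClaimsPrincipal whose claim types went through the same inbound
    // map the JwtBearer middleware uses, so "email" becomes ClaimTypes.Email.
    // The signing keys are the pool's JWKS (Issuer + "/.well-known/jwks.json"),
    // loaded by the caller. An invalid or expired token throws, which is the
    // behaviour you want before trusting any claim from it.
    public static ClaimsPrincipal CreatePrincipal(string jwtToken, IEnumerable<SecurityKey> signingKeys)
    {
        // MapInboundClaims = true is the default; set explicitly to make the intent visible.
        var handler = new JwtSecurityTokenHandler { MapInboundClaims = true };

        var parameters = new TokenValidationParameters
        {
            ValidIssuer = Issuer,
            ValidAudience = Audience,
            IssuerSigningKeys = signingKeys,
            ValidateIssuer = true,
            ValidateAudience = true,
            ValidateLifetime = true,
            ValidateIssuerSigningKey = true,
        };

        // ValidateToken builds the ClaimsIdentity through the inbound map;
        // ReadJwtToken never does, which is why the question saw raw "email".
        return handler.ValidateToken(jwtToken, parameters, out _);
    }

    // Convenience lookup that works for both the mapped type (after ValidateToken)
    // and the raw JWT name (after ReadJwtToken), so callers do not depend on the map.
    public static string? GetEmail(ClaimsPrincipal principal) =>
        principal.FindFirst(ClaimTypes.Email)?.Value ?? principal.FindFirst("email")?.Value;
}
```

With MapInboundClaims set to false on the handler instead, the same call returns the claim under the plain "email" name, matching what the bearer middleware does after the second answer's change.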
