ASP.NET Core API User.Identity.Name null/empty

I have a Blazor WASM application.
I am getting the ID token and putting it in the header for an HTTP API call to an AWS API Gateway v2 HTTP API.
In a controller method, I am spilling info to the log.

The token looks like this:

    {
      "given_name": "XXX",
      "family_name": "XXX",
      "nickname": "XXX",
      "name": "XXXX",
      "picture": "https://lh3.googleusercontent.com/a-/XXXXX=s96-c",
      "locale": "en",
      "updated_at": "2021-04-18T20:56:16.040Z",
      "iss": "https://XXXXXX.auth0.com/",
      "sub": "google-oauth2|987987987987",
      "aud": "XXXXXX",
      "iat": 1618784322,
      "exp": 1618820322
    }

In the Lambda function backing the HTTP API, all of the claims are there…

In the controller I am logging as below:

        LambdaLogger.Log($"{nameof(Ping)}{nameof(User)}={User}");
        LambdaLogger.Log($"{nameof(Ping)}{nameof(User.Identity)}={User.Identity}");
        LambdaLogger.Log($"{nameof(Ping)}{nameof(User.Identity.Name)}={User.Identity.Name}");
        LambdaLogger.Log($"{nameof(Ping)}{nameof(User.Claims)}={string.Join(Environment.NewLine,User.Claims.Select(_=>$"{_.Type}={_.Value}"))}");

But the “User.Identity.Name” is empty/null.

Why?

Oh, I forgot to mention, the @context.User.Identity.Name works fine on the client side…(WASM)

Hey there!

I’m not a Blazor expert unfortunately but have you tried taking a look at one of our Blazor-related articles?

I don’t think it has much to do with Blazor (yes, I know I mentioned it, sorry to confuse the issue).

This is happening in a pretty pure ASP.NET Core Web API. In the Blazor WASM client, context.User.Identity.Name is working from the same token.

Tim, did you ever solve this? We’re facing this same issue (Blazor WASM, self-hosted, client can get Okta auth from @context fine but server’s User.Identity.Name is empty).

Hey @reuben.ahmed, this is an ASP.NET Core issue that has historical reasons.
The native JWT handler expects the OpenID Connect claim type name to be http://schemas.microsoft.com/ws/2008/06/identity/claims/name. So, you need to map the expected claim to the actual claim as follows:

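    using Microsoft.AspNetCore.Authentication.OpenIdConnect;
    using Microsoft.IdentityModel.Tokens;

    var oidcOptions = new OpenIdConnectOptions
    {
        TokenValidationParameters = new TokenValidationParameters
        {
            // Populate User.Identity.Name from the token's "name" claim
            NameClaimType = "name"
        }
    };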

This applies to the role claim as well.

If you want to learn more about the historical reasons, read this article.
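
Why every claim can be present while `User.Identity.Name` is still null, as an added example (not code from this thread or from ASP.NET Core itself): `ClaimsIdentity` resolves `Name` and `IsInRole` by looking up one configured claim type each, so the same claims give different results depending on the name and role types the identity is built with. The claim values and the `roles` claim type are constructed for illustration.

```csharp
using System;
using System.Security.Claims;

// Constructed claims shaped like the ID token in the question (values are made up).
// "roles" is a hypothetical role claim type used only for this illustration.
var tokenClaims = new[]
{
    new Claim("name", "Example User"),
    new Claim("nickname", "example"),
    new Claim("sub", "google-oauth2|000000000000"),
    new Claim("roles", "admin"),
};

// Wraps the claims in a ClaimsIdentity and tells it which claim types
// hold the user name and the roles, as a token handler does after validation.
static ClaimsPrincipal BuildPrincipal(Claim[] claims, string nameType, string roleType) =>
    new ClaimsPrincipal(new ClaimsIdentity(claims, "Bearer", nameType, roleType));

static void Report(string label, ClaimsPrincipal user) =>
    Console.WriteLine(
        $"{label}: Name={user.Identity?.Name ?? "(null)"}, " +
        $"IsInRole(admin)={user.IsInRole("admin")}, " +
        $"sub={user.FindFirst("sub")?.Value}");

// 1) Framework defaults: Name is looked up under ClaimTypes.Name and roles under
//    ClaimTypes.Role. The token carries neither type, so both lookups miss
//    even though all claims are on the principal.
var byDefault = BuildPrincipal(
    tokenClaims,
    ClaimsIdentity.DefaultNameClaimType,
    ClaimsIdentity.DefaultRoleClaimType);
Report("default", byDefault);

// 2) Same claims, with the name and role types pointed at the token's own
//    claim names. This is the effect of NameClaimType / RoleClaimType.
var mapped = BuildPrincipal(tokenClaims, "name", "roles");
Report("mapped", mapped);
```

In an API that validates bearer tokens with `AddJwtBearer`, the same `NameClaimType` and `RoleClaimType` properties are set through `JwtBearerOptions.TokenValidationParameters`. Note that `name` is display text and not unique; `sub` is the stable user identifier to key authorization decisions on.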