My goal is to have access to those claims in my WebAPI application and currently, I only receive claims from the token generated by Auth0. I thought to create a rule (base on the SAML mapping template) to pass those claims from Auth0 to my application but without success.
So my question is: giving the fact that I want to receive my ADFS server claims to my WebAPI, what is the best way to achieve this?
Not sure if I understood you correctly so let me clarify a bit. The claims should be in the JWT token and if you send them to your web app, you should be able to see them.
To give you a wide overview. The end result of an Auth0 authentication will be either an access token, an ID token, or a code.
If you are using a code, you can exchange it for an access/ID token, and then the access token can be exchanged for the user profile.
If you are using an Access Token, you can directly exchange it for the user profile.
If you are using an ID Token, the ID Token will contain information with regards to the requested OIDC scopes when doing the authentication.
All of them will contain some user information, and the idea is that you will only be getting back what you’re requesting in scopes. For a full profile, you request openid email profile, if you just want the email you request email and so on.
Now, with tokens, you only get back OIDC standard claims, which means that you get back a set of standard claims that conform to OIDC standards. If you want to get anything else than that in your tokens that is not standard, you would have to create custom claims (OpenID Connect Scopes).
Rules
You can enrich your Access/ID Tokens through a rule, where you can read other profile properties or even app/user metadata.
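The rule approach from the answer above, as an added example that is not code from this thread or from Auth0: it copies ADFS attributes into the ID and access tokens as namespaced custom claims. It assumes (hypothetically) that the ADFS connection mapping has placed the attributes in user.user_metadata under the keys "department" and "employee_id", and uses a placeholder namespace URL.

```javascript
// Added example: an Auth0 rule that adds ADFS-sourced custom claims to tokens.
// Assumptions (hypothetical): attributes already live in user.user_metadata,
// and the namespace below is a placeholder to be replaced with your own URL.
const NAMESPACE = 'https://example.com/claims/'; // placeholder namespace

// claim name in the token -> key in user.user_metadata
const CLAIM_SOURCES = {
  department: 'department',
  employee_id: 'employee_id',
};

// Same signature as an Auth0 rule: function (user, context, callback).
function addAdfsClaims(user, context, callback) {
  // Only act on logins coming through an ADFS connection
  // (assumed strategy name 'adfs'); other connections pass through untouched.
  if (context.connectionStrategy !== 'adfs') {
    return callback(null, user, context);
  }

  const meta = (user && user.user_metadata) || {};

  Object.keys(CLAIM_SOURCES).forEach((claim) => {
    const value = meta[CLAIM_SOURCES[claim]];
    if (value === undefined || value === null || value === '') {
      return; // do not emit empty claims
    }
    // Auth0 drops custom claims that are not namespaced, so every claim
    // is prefixed; standard OIDC claims (sub, email, ...) are not overridden.
    context.idToken[NAMESPACE + claim] = value;
    context.accessToken[NAMESPACE + claim] = value;
  });

  return callback(null, user, context);
}

// Helper for local checking: runs the rule and returns the resulting context.
function runRule(user, context) {
  let result = null;
  addAdfsClaims(user, context, (err, u, ctx) => {
    result = { err, context: ctx };
  });
  return result;
}
```

Your WebAPI then reads the claims by their full namespaced names (for example "https://example.com/claims/department") from the validated JWT.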
I re-read the doc about the custom claims and was able to retrieve the custom claims I need to have with a simple rule. Not quite sure why I didn’t get it the first time ;). My issue is resolved.