How to get the user identifier in an ASP.NET Core API?

When you use the API authorization features to obtain an access token to call your own API on behalf of a given end-user the user_id is included in the access token in the sub claim.

You then configure your API in accordance to the associated quickstart:

var options = new JwtBearerOptions
{
    Audience = Configuration"Auth0:ApiIdentifier"],
    Authority = $"https://{Configuration"Auth0:Domain"]}/"
};
app.UseJwtBearerAuthentication(options);

When you do the above and include the [Authorize] attribute in a given route the information contained in the received access token will be mapped to a claims principal that you can access at your route method through the use of this.User.

By default the JWT authentication handler in .NET will map the sub claim of a JWT access token to the System.Security.Claims.ClaimTypes.NameIdentifier claim type, which means that in order to access the user identifier you can do the following:

Debug.WriteLine($"UserId: {this.User.FindFirst(ClaimTypes.NameIdentifier).Value}");

If you want to map the sub JWT claim to a different claim you can do so by configuring the claim type mapping of the JWT security handler, something like:

JwtSecurityTokenHandler.DefaultInboundClaimTypeMap[JwtRegisteredClaimNames.Sub] = ClaimTypes.Upn;

With the above configuration the user identifier would now be available in the Upn claim type instead of the default NameIdentifier.

1 Like