Swashbuckle .net core

tonven · April 19, 2019, 10:24pm

Hi. I am using auth0 with .net core and swagger UI (swashbuckle package). Everything works as expected and I am getting token and scope permissions.
Still, I am not able to get email, openid and profile information from token, because this data is not included in token. I am talking now only about swagger UI.
Is there any specific configuration for Swagger or Auth0 that’s need to be done in order get this information into token?

I could find any example how to include additional claims to token.

Thank you.

dan.woda · April 19, 2019, 10:32pm

Could you post an example response you are receiving? Please make sure to omit sensitive data.

tonven · April 19, 2019, 10:53pm

{
“iss”: “https://domain.auth0.com/”,
“sub”: “auth0|…”,
“aud”: “https://example.api”,
“iat”: 1555704973,
“exp”: 1555712173,
“azp”: “…”,
“scope”: “read:books write:books”
}

tonven · April 19, 2019, 10:56pm

        services.AddAuthentication(options =>
        {
            options.DefaultAuthenticateScheme = JwtBearerDefaults.AuthenticationScheme;
            options.DefaultSignInScheme = JwtBearerDefaults.AuthenticationScheme;
            options.DefaultChallengeScheme = JwtBearerDefaults.AuthenticationScheme;

        })
        .AddJwtBearer(options =>
        {
            options.Authority = Configuration["Auth0:Authority"];
            options.Audience = Configuration["Auth0:Audience"];
            options.RequireHttpsMetadata = false;
        });

        services.AddAuthorization(options =>
        {
            options.AddPolicy("read:books", policy => policy.Requirements.Add(new HasScopeRequirement("read:books", Configuration["Auth0:Authority"])));
            options.AddPolicy("write:books", policy => policy.Requirements.Add(new HasScopeRequirement("write:books", Configuration["Auth0:Authority"])));
        });

        services.AddSwaggerGen(c =>
        {
            c.SwaggerDoc("v1", new Info { Title = "Predictor API", Version = "v1" });
            var xmlFile = $"{Assembly.GetExecutingAssembly().GetName().Name}.xml";
            var xmlPath = Path.Combine(AppContext.BaseDirectory, xmlFile);
            c.IncludeXmlComments(xmlPath);

            c.AddSecurityDefinition("oauth2", new OAuth2Scheme
            {
                Type = "oauth2",
                Flow = "implicit",
                AuthorizationUrl = $"{Configuration["Auth0:Authority"]}authorize?audience={Configuration["Auth0:Audience"]}",
                Scopes = new Dictionary<string, string>
                {
                    { "read:books", "Access read book operations" },
                    { "write:books", "Access write book operations" }
                }
            });

            c.OperationFilter<SecurityRequirementsOperationFilter>();
        });

This is my code.

dan.woda · April 19, 2019, 11:13pm

Do you have any custom rules that limit scopes?

tonven · April 20, 2019, 7:12am

No, I don’t. Running request from SPA result in returning all required scopes.

tonven · April 23, 2019, 1:31pm

@dan.woda any other recommendations?

dan.woda · April 23, 2019, 3:41pm

@tonven Sorry for the delay, taking another look at this.

Take a look at scoping for a profile and email. You may need to add those to your request:

Just to double check, are you looking for an ID token or an access token?

tonven · April 24, 2019, 8:43am

I am looking for ID token. If I understand it correctly it should include openid and profile information.
For authorizationUrl I am providing audience in order to get it.
But I guess I am still getting access token. Do I need to use access token to get user information from Auth0 Api or I can directly get ID token using Swagger?