When the SDK performs a callback, the token contains an email claim. However, the JWT returned by the OAuth flow does not contain an email claim. We want to use the OAuth flow because we want to use Swagger, and it’s not clear how to integrate the Auth0 SDK with Swagger. How can I get an email claim added to the token from the OAuth flow? Code is posted below.
using Microsoft.AspNetCore.Authentication.JwtBearer;
using Microsoft.AspNetCore.Mvc.Authorization;
using Microsoft.IdentityModel.Tokens;
using Microsoft.OpenApi.Models;
using Microsoft.TeamFoundation.WorkItemTracking.WebApi;
using Microsoft.VisualStudio.Services.Common;
using [...];
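// Host setup for an ASP.NET Core API that validates JWT bearer tokens issued by the
// configured Auth0 tenant and, in Development only, serves Swagger UI with an OAuth2
// "Authorize" dialog.
var builder = WebApplication.CreateBuilder(args);

// Settings are bound from the "Settings" section of appsettings.json only; this separate
// ConfigurationBuilder does not read any other source registered on builder.Configuration.
// Fail with a clear message instead of a NullReferenceException when the section is absent.
var config = new ConfigurationBuilder()
    .AddJsonFile("appsettings.json")
    .Build()
    .GetSection("Settings")
    .Get<Settings>()
    ?? throw new InvalidOperationException("The \"Settings\" section is missing from appsettings.json.");

builder.Services.AddControllers();

builder.Services
    .AddAuthentication(JwtBearerDefaults.AuthenticationScheme)
    .AddJwtBearer(options =>
    {
        // Auth0.Domain is used as a bare host name (the metadata address below prefixes it
        // with https://), so the authority is written as a full URL for consistency.
        options.Authority = $"https://{config.Auth0.Domain}/";
        options.Audience = config.Auth0.Audiences.First();
        options.MetadataAddress = $"https://{config.Auth0.Domain}/.well-known/openid-configuration";
        options.TokenValidationParameters = new TokenValidationParameters
        {
            // A token is accepted only if its audience is one of the configured values
            // and its lifetime is still valid.
            ValidAudiences = config.Auth0.Audiences,
            ValidateAudience = true,
            ValidateLifetime = true
        };
    });

builder.Services.AddEndpointsApiExplorer();
builder.Services.AddSwaggerGen(options =>
{
    options.SwaggerDoc("v1", new OpenApiInfo
    {
        Title = "Title",
        Version = "v1"
    });

    // Describes how Swagger UI obtains a token. The audience query parameter asks the
    // authorization server for a token addressed to this API.
    // NOTE(review): no Scopes are declared on this flow, and nothing in this file controls
    // which claims the issued access token carries; that is decided by the authorization
    // server's configuration.
    // NOTE(review): the implicit grant hands the token back through the browser redirect.
    // Authorization code with PKCE is the generally recommended browser flow; switching
    // requires matching changes on the authorization server, so it is only flagged here.
    options.AddSecurityDefinition(JwtBearerDefaults.AuthenticationScheme, new OpenApiSecurityScheme
    {
        Type = SecuritySchemeType.OAuth2,
        Flows = new OpenApiOAuthFlows
        {
            Implicit = new OpenApiOAuthFlow
            {
                AuthorizationUrl = new Uri($"https://{config.Auth0.Domain}/authorize/?audience={config.Auth0.Audiences.First()}"),
                // OpenAPI defines tokenUrl for the password, client-credentials and
                // authorization-code flows; it is kept here as the original had it.
                TokenUrl = new Uri($"https://{config.Auth0.Domain}/oauth/token"),
                RefreshUrl = new Uri($"https://{config.Auth0.Domain}/oauth/token"),
            }
        },
        In = ParameterLocation.Header,
    });

    // Attach the scheme above to every operation in the generated document.
    var reference = new OpenApiReference { Type = ReferenceType.SecurityScheme, Id = JwtBearerDefaults.AuthenticationScheme };
    options.AddSecurityRequirement(new OpenApiSecurityRequirement { { new OpenApiSecurityScheme { Reference = reference }, new List<string>() } });
});

// Global MVC filter: actions require an authenticated caller by default.
builder.Services.AddMvc().AddMvcOptions(options =>
{
    options.Filters.Add(new AuthorizeFilter());
});

var app = builder.Build();

if (app.Environment.IsDevelopment())
{
    app.UseSwagger();
    app.UseSwaggerUI(options =>
    {
        options.OAuthClientId(config.Auth0.ClientId);
        // The client secret is deliberately not passed to Swagger UI. These options are
        // written into the page delivered to the browser, so a secret set here is readable
        // by anyone who can load the page, and the implicit flow declared above has no
        // step that uses one. Keep the secret out of browser-facing configuration.
    });
    app.UseDeveloperExceptionPage();
}

app.UseHttpsRedirection();
app.UseAuthentication();
app.MapControllers();
app.Run();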