
Commit 48209bb

committed
Updated OpenID documentation
1 parent e3b5445 commit 48209bb


2 files changed

+16
-3
lines changed


docs/en/Features-Angular-Social-Logins.md

Lines changed: 15 additions & 2 deletions
@@ -25,7 +25,8 @@ ASP.NET Zero supports social media logins and external logins as well. To enable
2525
"ClientId": "",
2626
"Authority": "",
2727
"LoginUrl": "",
28-
"ValidateIssuer": "true"
28+
"ValidateIssuer": "true",
29+
"ClaimsMapping: []
2930
},
3031
"WsFederation": {
3132
"IsEnabled": "false",
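Review bot: The added line 29, `"ClaimsMapping: []`, is missing the closing quote on the key, so the settings sample is no longer valid JSON and will not parse if a reader copies it. It should read `"ClaimsMapping": []`. Since every neighbouring value in this block is an empty placeholder, it would also help to say in the surrounding text that an empty array means no claims are remapped.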
@@ -62,10 +63,22 @@ In addition to social logins, ASP.NET Zero includes OpenId Connect Login integra
6263
"ClientId": "",
6364
"Authority": "",
6465
"LoginUrl": "",
65-
"ValidateIssuer": "true"
66+
"ValidateIssuer": "true",
67+
"ClaimsMapping: []
6668
}
6769
```
6870

71+
In some cases, OpenId Connect provider doesn't return claims we want to use. For example, Azure AD doesn't return "nameidentifier" claim but ASP.NET Core Identity uses it to find id of the user. So, in such cases, we can use **ClaimsMapping** to map claims of provider to custom claims. AspNet Zero will find the claim with **key** and will map it to internal claim with **claim** value in the mapping. For the following configuration, external **objectidentifier** will be mapped to internal **nameidentifier** claim.
72+
73+
````json
74+
"ClaimsMapping": [
75+
{
76+
"claim": "http://schemas.xmlsoap.org/ws/2005/05/identity/claims/nameidentifier",
77+
"key": "http://schemas.microsoft.com/identity/claims/objectidentifier"
78+
}
79+
]
80+
````
81+
6982
If you are using Azure AD for OpenID Connect and your app is multi-tenant on Azure side, then you need to disable issuer validation, so all Azure AD users can use your app. Note that, multi-tenant app here is the one you have created oSocial logins can be enabled and configured from [server-side](Features-Mvc-Core-Social-Logins). Once they are properly configured, they are automatically shown in the user interface.
7083

7184
Note that currently "ValidateIssuer" setting is not affective because the used client side library doesn't support disabling issuer validation.
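Review bot: The new sample on lines 73 to 80 is fenced with four backticks, while the block that closes on line 69 uses three; switch to the three-backtick fence so the file stays consistent. Line 66 in the same hunk has the unterminated key `"ClaimsMapping: []`, which should be `"ClaimsMapping": []`. Because the paragraph on line 71 says the mapped nameidentifier is what ASP.NET Core Identity uses to find the user, consider adding one sentence stating that **key** should name a provider claim that is unique and stable per user, as that value becomes the lookup identity.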

docs/en/Features-Mvc-Core-Social-Logins.md

Lines changed: 1 addition & 1 deletion
@@ -62,7 +62,7 @@ In addition to social logins, ASP.NET Zero includes OpenId Connect Login integra
6262
}
6363
```
6464

65-
In some cases, OpenId Connect provider doesn't return claims we want to use. For example, Azure AD doesn't return "nameidentifier" claim but ASP.NET Core Identity uses it to find id of the user. So, in such cases, we can use **ClaimsMapping** to map claims of provider to custom claims.
65+
In some cases, OpenId Connect provider doesn't return claims we want to use. For example, Azure AD doesn't return "nameidentifier" claim but ASP.NET Core Identity uses it to find id of the user. So, in such cases, we can use **ClaimsMapping** to map claims of provider to custom claims. AspNet Zero will find the claim with **key** and will map it to internal claim with **claim** value in the mapping. For the following configuration, external **objectidentifier** will be mapped to internal **nameidentifier** claim.
6666

6767
```json
6868
"ClaimsMapping": [
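Review bot: The sentence added on line 65 writes the product name as "AspNet Zero" while the hunk header context in the same file uses "ASP.NET Zero"; use the same spelling throughout. The phrase "find the claim with **key**" would read more precisely as "find the provider claim whose type matches **key**", which makes it harder to reverse the two fields when filling in the mapping.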
