Persist custom returned claims (id_token/id_token_hint)

[mistyn8]

Sorry for the loads of requests..

So still on with identity server 4, and trying to sort the logout.. In order to do that, I need to pass the id_token_hint returned from the original authentication.

I can see it being returned and can store it against the umbraco member profile at the ExternalLoginConfirmation callback

info.ExternalIdentity.Claims.FirstOrDefault(c => c.Type == "id_token_hint").Value

but should this really be stored in the user.Indentity.claims collection, which looks like it strips any of the claims returned other than the specific umbraco mapped ones?

Again any help in this regard really appreciated. :-)

[stokesy43]

In my article https://pstokes.co.uk/posts/umbraco-members-and-identity-server-part-3/

I show how to store claims returned back from identity server in the local identity without the need for a umbraco member. You would then be able to store the id_token_hint claim locally and use it in the RedirectToIdentityProvider notification event. Something like this:

RedirectToIdentityProvider = n =>
                    {
                        // if signing out, add the id_token_hint
                        if (n.ProtocolMessage.RequestType == OpenIdConnectRequestType.LogoutRequest)
                        {
                            var idTokenHint = n.OwinContext.Authentication.User.FindFirst("id_token");

                            if (idTokenHint != null)
                            {
                                n.ProtocolMessage.IdTokenHint = idTokenHint.Value;
                            }

                        }

                        return Task.FromResult(0);
                    }

[Shazwazza]

If anyone could help out with this project to get this done automatically and always working for any provider let me know. I "think" this is basically the same topic as this? https://github.com/Shazwazza/UmbracoIdentity/issues/56#issuecomment-454243801