openiddict-core

Serializing claims principal Actor

Open gustavdw opened this issue 3 years ago • 1 comments

Confirm you've already contributed to this project or that you sponsor it

  • [X] I confirm I'm a sponsor or a contributor

Version

3.x

Question

Populating the ClaimsPrincipal Actor (https://docs.microsoft.com/en-us/dotnet/api/system.security.claims.claimsidentity.actor?view=net-6.0) with claims of the actor identity having the destinations for access token and identity token set, the actor object is still not serialized into the resulting access token or identity token as the actor object.

Setting a destination on the actor object itself doesn't seem to be possible, is there no support for the actor property? Are there any workarounds that you know of to be able to successfully serialize an actor identity into openiddict tokens?

Many thanks.

gustavdw avatar Apr 21 '22 11:04 gustavdw

> Setting a destination on the actor object itself doesn't seem to be possible, is there no support for the actor property?

OpenIddict itself has always supported the ClaimsIdentity.Actor property (which is correctly preserved when the "main" principal you create before calling SignIn is copied to create token-specific principals like AccessTokenPrincipal), but this scenario regressed at some point in IdentityModel, which no longer supports serializing it.

If you take a look here, you'll see the ClaimsIdentity.Actor property is not used to create an actort claim, which is something that was supported in older versions of IM.

I'd suggest opening a ticket there so it can be fixed on their side (don't forget to add a link to this ticket).

Cheers.

kevinchalet avatar Apr 21 '22 14:04 kevinchalet