In Blazor Web App Server authentication Azure missing iss claims

Question

Hello,

I followed this guide to create a Blazor Web App (server) with azure athentication
https://learn.microsoft.com/it-it/entra/identity-platform/tutorial-blazor-server

and it works.

here the authentication part:

builder.Services.AddAuthentication(OpenIdConnectDefaults.AuthenticationScheme)
    .AddMicrosoftIdentityWebApp(builder.Configuration.GetSection("AzureAd"))
        .EnableTokenAcquisitionToCallDownstreamApi(initialScopes)
            .AddMicrosoftGraph(builder.Configuration.GetSection("DownstreamApi"))
            .AddInMemoryTokenCaches();

My problem is that in my claims there is no "iss" (see attachment)

How can I add it?

Screenshot 2024-05-14 101503.png

Thank you

Stefania

Answer 1

iss: is part of the token verification and not typically considered a claim. you can map to user principal claims as a custom claim:

https://learn.microsoft.com/en-us/aspnet/core/security/authentication/claims?view=aspnetcore-8.0#mapping-claims-using-openid-connect-authentication

using transformation:

public class IssuerClaimsTransformation : IClaimsTransformation
{
    public Task<ClaimsPrincipal> TransformAsync(ClaimsPrincipal principal)
    {
        var claimType = "issuer";
        if (!principal.HasClaim(claim => claim.Type == claimType))
        {
            var issuer = principal.Claims.First().Issuer;
            var claimsIdentity = new ClaimsIdentity();
            claimsIdentity.AddClaim(new Claim(claimType, issuer));
            principal.AddIdentity(claimsIdentity);
        }
        return Task.FromResult(principal);
    }
}

and register:

builder.Services.AddTransient<IClaimsTransformation, IssuerClaimsTransformation>();