How does AddClaimsToRequest work?

[TimmyGilissen]

Hi,

I'm trying to figure out how AddClaimsToRequest actually works and, how I can use it in my client API?

The AddHeadersToRequest works perfectly and I can see the headers that are passed to the client API

Does anyone have some experience that they can share with me ?

Thx.

[WeihanLi]

You may wanna see the Claims Transformation docs firstly!
if you wanna get a deep understand for how claims transform work, you may wanna have a look at the source code.

When you access an API, the Ocelot will check authentication, and if the user have a permission for the API. If authenticated successfully, Ocelot will get the claims of the user, and if you config ClaimsToRequest (Header/Query), the middleware will invoke after authenticated and before request the downstream.

• AddHeadersToRequest

[Ashish1662]

I am facing same issue. AddHeadersToRequest works perfectly fine, but when I try AddClaimsToRequest it adds nothing in the downstream request User.Claims.

Am I missing something? Also, when I try to access Claims in ocelot gateway middleware, then Claims are also empty. Below is my start up code:

        public void ConfigureServices(IServiceCollection services)
        {            
            services.AddOcelot(Configuration);

            var key = new SymmetricSecurityKey(Encoding.UTF8.GetBytes("my key"));
            services.AddAuthentication(JwtBearerDefaults.AuthenticationScheme)
            .AddJwtBearer("TestKey", opt =>
            {
                opt.TokenValidationParameters = new TokenValidationParameters
                {
                    ValidateIssuerSigningKey = true,
                    IssuerSigningKey = key,
                    ValidateAudience = false,
                    ValidateIssuer = false,
                    ValidateLifetime = true,
                    ClockSkew = TimeSpan.Zero,
                };
            });

            services.AddHttpContextAccessor();
            services.AddCors(opt =>
            {
                opt.AddPolicy("CorsPolicy", policy =>
                {
                    policy.AllowAnyHeader()
                    .AllowAnyMethod()
                    .AllowAnyOrigin();
                });
            });
        }

        public async void Configure(IApplicationBuilder app, IWebHostEnvironment env)
        {
            app.UseMiddleware<ErrorHandlingMiddleware>();
            app.UseCors("CorsPolicy");
            app.UseMiddleware<RequestResponseLoggingMiddleware>();
            app.UseAuthentication();
            app.UseAuthorization();
            app.UseMiddleware<AuthorizationMiddleware>(Permissions);
            await app.UseOcelot();
        }

[raman-m]

@Ashish1662 Are you still facing this problem? Or fixed and implemented?

[abhiphirke]

I too have the same issue: how AddClaimsToRequest work? how to receive claims in downstream service in case of AddClaimsToRequest? The documentation is not adequate, it seems. Also, had a look at the code, but got no hints as to how I retrieve them in downstream service or even view them in the downstream http request..

[raman-m]

Do you have exactly the same issue?