Overriding the NameClaimType when using the ASP.NET Core OpenID Connect middleware


When using the ASP.NET Core OpenID Connect middleware, you can access the signed-in user's name through the User.Identity.Name property. Under the covers, this looks for a claim of type http://schemas.xmlsoap.org/ws/2005/05/identity/claims/name and returns its value.

In the case of Auth0, we actually return a user’s name in the name claim of an id_token and this does not get automatically mapped to the http://schemas.xmlsoap.org/ws/2005/05/identity/claims/name claim type. So previously in our ASP.NET Core Quickstart I actually wrote a whole bunch of code demonstrating how to handle the OnTicketReceived event to read the name claim, and use that value to add a claim of the type http://schemas.xmlsoap.org/ws/2005/05/identity/claims/name to ensure that everything works correctly.

It turns out there is a much easier way, as a user pointed out to me.

All you need to do is to specify the NameClaimType of the TokenValidationParameters property of the OpenIdConnectOptions. So in the case of an Auth0 id_token, you need to specify the NameClaimType with a value of name:

var options = new OpenIdConnectOptions("Auth0")
{
    // .. some code omitted for brevity ..

    // Set the correct name claim type
    TokenValidationParameters = new TokenValidationParameters
    {
        NameClaimType = "name"
    }
};
app.UseOpenIdConnectAuthentication(options);

Now, every time you get the user’s name through the User.Identity.Name property, it will look for the value of the name claim on the user, and return the correct value for the user’s name.
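The lookup described above can be reproduced without the middleware, directly on ClaimsIdentity. This is an added example, not code from the original post or the Auth0 Quickstart; the class name and the sample claim values are constructed for illustration.

```csharp
using System;
using System.Security.Claims;

public static class NameClaimTypeDemo
{
    // Constructed sample: claims as they would arrive from an id_token that
    // carries the user's name in the short "name" claim.
    private static Claim[] SampleClaims() => new[]
    {
        new Claim("sub", "auth0|constructed-user-id"),
        new Claim("name", "Jane Doe")
    };

    public static void Main()
    {
        // 1. Default identity: Name is resolved through ClaimTypes.Name, which
        //    is absent here, so Name is null even though a "name" claim exists.
        var byDefault = new ClaimsIdentity(SampleClaims(), "Auth0");
        Console.WriteLine($"NameClaimType: {byDefault.NameClaimType}");
        Console.WriteLine($"Name is null:  {byDefault.Name == null}");

        // 2. The older workaround: copy the "name" value into an extra claim
        //    of type ClaimTypes.Name (what an OnTicketReceived handler did).
        var workaround = new ClaimsIdentity(SampleClaims(), "Auth0");
        var nameClaim = workaround.FindFirst("name");
        if (nameClaim != null)
        {
            workaround.AddClaim(new Claim(ClaimTypes.Name, nameClaim.Value));
        }
        Console.WriteLine($"Workaround:    {workaround.Name}");

        // 3. Same effect as NameClaimType = "name": the identity itself is
        //    told which claim type backs the Name property.
        var mapped = new ClaimsIdentity(
            SampleClaims(),
            "Auth0",
            "name",                               // nameType
            ClaimsIdentity.DefaultRoleClaimType); // roleType left at its default
        Console.WriteLine($"NameClaimType: {mapped.NameClaimType}");
        Console.WriteLine($"Mapped:        {mapped.Name}");
    }
}
```

In the first case User.Identity.Name comes back null rather than throwing, so code that writes the name to an audit log or keys a check on it should handle a missing value.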
