IUserInfoProvider Interface
Abblix.Oidc.Server
Abblix.Oidc.Server.Features.UserInfo
IUserInfoProvider Interface
Provides functionality to retrieve user information as JWT claims, supporting both simple and structured claim values. This interface enables the dynamic extraction and packaging of user attributes into JWT claims, accommodating a variety of claim types including those that require complex, structured data beyond traditional scalar values.
public interface IUserInfoProvider
Methods
IUserInfoProvider.GetUserInfoAsync(AuthSession, IEnumerable<string>) Method
Asynchronously retrieves a set of user claims for an authenticated session, including both simple and structured claim values as requested by the client application. This method supports the OpenID Connect specification by allowing for the selective disclosure of user information, catering to the need for complex data structures within claims.
System.Threading.Tasks.Task<System.Text.Json.Nodes.JsonObject?> GetUserInfoAsync(Abblix.Oidc.Server.Features.UserAuthentication.AuthSession authSession, System.Collections.Generic.IEnumerable<string> requestedClaims);
Parameters
authSession AuthSession
The authentication session containing the user's subject identifier and additional authentication context. This provides access to authentication-specific claims such as the email used during authentication, which may differ from the user's primary email stored in the database.
requestedClaims System.Collections.Generic.IEnumerable<System.String>
A collection of names representing the claims requested by a client application. Implementations should check against this list to return only those claims that are requested and authorized for release, including both scalar values and structured data as necessary.
Returns
System.Threading.Tasks.Task<System.Text.Json.Nodes.JsonObject>
A task that resolves to a System.Text.Json.Nodes.JsonObject, encapsulating the user's claims where each entry consists of
a claim name and its value. The value can be a simple scalar value (e.g., a string or number) or a structured
object, allowing for complex data types to be represented. Returns null if no information is available for the
given subject. The use of System.Text.Json.Nodes.JsonObject facilitates the representation of hierarchical data within
claims,
supporting richer and more detailed user profiles.
Remarks
Implementers should ensure that the disclosure of user information complies with applicable privacy laws and the principles of data minimization. Sensitive or personal information must only be shared with explicit user consent and in a secure manner. In cases where the requested user or claims are not found, returning null or an empty System.Text.Json.Nodes.JsonObject helps maintain privacy and security. Implementations should prioritize authentication session claims (such as authSession.Email) over database values to preserve the exact authentication context, especially for external provider authentications.