I use the resource owner flow with IdentityServer3 and send a get-token request to the identity server token endpoint with the username and password in JavaScript as below:
I found I can achieve this by replacing the default IClaimsProvider of the IdentityServerServiceFactory.
The customized IClaimsProvider is as below:
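/// <summary>
/// Claims provider that issues two extra "role" claims in the access token for the user
/// named "bob" and otherwise defers to <see cref="DefaultClaimsProvider"/>.
/// </summary>
public class MyClaimsProvider : DefaultClaimsProvider
{
    /// <param name="users">User service handed through to the base provider.</param>
    public MyClaimsProvider(IUserService users) : base(users)
    {
    }

    /// <summary>
    /// Builds the access-token claims: the extra role claims (for "bob" only) followed by
    /// whatever the base provider produces.
    /// </summary>
    /// <param name="subject">The authenticated user.</param>
    /// <param name="client">The client that requested the token.</param>
    /// <param name="scopes">The scopes granted for this token.</param>
    /// <param name="request">The validated token request.</param>
    /// <returns>The claims to place in the access token.</returns>
    public override async Task<IEnumerable<Claim>> GetAccessTokenClaimsAsync(ClaimsPrincipal subject, Client client, IEnumerable<Scope> scopes, ValidatedRequest request)
    {
        // Await the base call rather than reading .Result: blocking on the task can deadlock
        // under a synchronization context and wraps failures in an AggregateException.
        var baseClaims = await base.GetAccessTokenClaimsAsync(subject, client, scopes, request);

        var claims = new List<Claim>();

        // Identity can be null when the principal carries no identities; guard before reading Name.
        // NOTE: the role assignment is keyed on a literal user name and does not consult
        // client or scopes, so every client that can obtain a token for this user receives
        // these roles. A role store keyed on the subject is the place for this in real code.
        var identity = subject.Identity;
        if (identity != null && identity.Name == "bob")
        {
            claims.Add(new Claim("role", "super_user"));
            claims.Add(new Claim("role", "asset_manager"));
        }

        claims.AddRange(baseClaims);
        return claims;
    }

    /// <summary>
    /// Identity-token claims are left entirely to the base provider; this override only
    /// forwards the call.
    /// </summary>
    public override Task<IEnumerable<Claim>> GetIdentityTokenClaimsAsync(ClaimsPrincipal subject, Client client, IEnumerable<Scope> scopes, bool includeAllIdentityClaims, ValidatedRequest request)
    {
        return base.GetIdentityTokenClaimsAsync(subject, client, scopes, includeAllIdentityClaims, request);
    }
}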
Then replace the IClaimsProvider registration like this:
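// Custom claims provider: swap the factory's default IClaimsProvider for MyClaimsProvider
// so the token endpoint issues the extra role claims. Registration<T> resolves the
// concrete type (and its IUserService dependency) from the container.
factory.ClaimsProvider = new Registration<IClaimsProvider>(typeof(MyClaimsProvider));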
The result is that, when the request for an access token is sent to the token endpoint, the claims are added to the access_token.