How can we improve Azure Web Apps?

EasyAuth Claims transformation/augmentation

Custom claims don't persist between requests in EasyAuth. Allowing to customize claims would be an enormous boost for EasyAuth.

1 vote
Vote
Sign in
Check!
(thinking…)
Reset
or sign in with
  • facebook
  • google
    Password icon
    I agree to the terms of service
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    Kyriakos AkriotisKyriakos Akriotis shared this idea  ·   ·  Flag idea as inappropriate…  ·  Admin →

    3 comments

    Sign in
    Check!
    (thinking…)
    Reset
    or sign in with
    • facebook
    • google
      Password icon
      I agree to the terms of service
      Signed in as (Sign out)
      Submitting...
      • Kyriakos AkriotisKyriakos Akriotis commented  ·   ·  Flag as inappropriate

        Hi, thanks for reaching back. I am looking for custom claims injection that would persist between requests. I have managed to add custom claims via owin middleware and then inspect them via /.auth/me that are actually there. Problem is that in the next call, claims reset to initial state that EasyAuth provide. As a result my owin middleware identifies that has to reconstruct the claim as it is not there. Unfortunately building these custom claims requires some sort of background processing involving database calls and the overhead effort is prohibitory on per request basis. I have tried as well to seek a workaround by introducing a IAuthenticationSessionStore but it seems that EasyAuth bypass this as well because nothing is saved in the session store. Thanks in advance.

      • Azure App Service TeamAdminAzure App Service Team (Admin, Microsoft Azure) commented  ·   ·  Flag as inappropriate

        Could you please provide more detail? Are you looking for custom claims injection, or just a way of referencing existing claims from the identity provider? While the JWT issued by App Service Authentication / Authorization does not contain provider claims, these are always available by referencing the /.auth/me endpoint (requires authentication).

      Feedback and Knowledge Base