I've been playing with IdentityServer4. Absolutely love it.
I've been going through the tutorials on your site, specifically https://identityserver4.readthedocs.io/en/release/quickstarts/7_javascript_client.html
I have created a Profile Service that does the following:
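    using System.Security.Claims;
    using System.Threading.Tasks;
    using IdentityServer4.Models;
    using IdentityServer4.Services;

    public class ProfileService : IProfileService
    {
        // Called whenever IdentityServer needs claims about the user.
        public Task GetProfileDataAsync(ProfileDataRequestContext context)
        {
            context.IssuedClaims.Add(new Claim("test-claim", "test-value"));
            return Task.FromResult(0);
        }

        // Reports whether the user is still allowed to obtain tokens.
        public Task IsActiveAsync(IsActiveContext context)
        {
            context.IsActive = true;
            return Task.FromResult(0);
        }
    }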
This works great, my custom claim is visible in the log window of my JS client.
I put a break point on it just to inspect what is in the context, and I noticed it was getting hit twice. The caller properties were ClaimsProviderAccessToken and UserInfoEndpoint respectively. Why is this?
In my naivety I removed the profile scope from my js client, and in oidc-js config also removed the profile scope, and set loadUserInfo: false, yet my ProfileService is still called twice.
If my end goal is to set claims based on parameters from a database, I really don't want to be doing this operation twice, do I? (Genuine question -- I don't know). A 'solution' would be to only set them on "ClaimsProviderAccessToken" but there is something telling me that there will be a reason ProfileServices get called twice and that there is some importance of it setting the claims on both runs through.
The profile service is called whenever IdentityServer needs to return claims about a user to a client application.
If you request an identity and access token - it will get called twice (since you might be putting different claims into each token type).
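
As an added illustration of the answer above (not code from this thread or from the IdentityServer project): a profile service that uses context.Caller and context.RequestedClaimTypes so each call issues only the claims that token or endpoint needs. IUserClaimStore and CallerAwareProfileService are hypothetical names; the store stands in for the database lookup.

```csharp
using System.Collections.Generic;
using System.Linq;
using System.Security.Claims;
using System.Threading.Tasks;
using IdentityServer4;
using IdentityServer4.Extensions;
using IdentityServer4.Models;
using IdentityServer4.Services;

// Hypothetical abstraction over the application's user database (assumption).
public interface IUserClaimStore
{
    Task<IReadOnlyList<Claim>> GetClaimsAsync(string subjectId);
    Task<bool> IsEnabledAsync(string subjectId);
}

public class CallerAwareProfileService : IProfileService
{
    private readonly IUserClaimStore _store;

    public CallerAwareProfileService(IUserClaimStore store) => _store = store;

    public async Task GetProfileDataAsync(ProfileDataRequestContext context)
    {
        var subjectId = context.Subject.GetSubjectId();
        var userClaims = await _store.GetClaimsAsync(subjectId);

        // Issue only the claim types requested for this token or endpoint, so
        // user data does not end up in a token that never asked for it.
        var requested = new HashSet<string>(
            context.RequestedClaimTypes ?? Enumerable.Empty<string>());
        context.IssuedClaims.AddRange(userClaims.Where(c => requested.Contains(c.Type)));

        // Caller-specific claim: only the access token carries "test-claim".
        if (context.Caller == IdentityServerConstants.ProfileDataCallers.ClaimsProviderAccessToken)
        {
            context.IssuedClaims.Add(new Claim("test-claim", "test-value"));
        }
    }

    public async Task IsActiveAsync(IsActiveContext context)
    {
        // Reject disabled or deleted users instead of always returning true.
        context.IsActive = await _store.IsEnabledAsync(context.Subject.GetSubjectId());
    }
}
```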