Implementing Custom JWT Token Validation in ASP.NET Core 6 with IdentityServer
I'm working on a personal project and I've been researching this, but I've searched everywhere and can't find a clear answer. I'm working with a scenario with the validation of custom claims in the JWT token generated by IdentityServer4 in my ASP.NET Core 6 application. After logging in, the token appears to be generated correctly, but when making requests to my protected API endpoints, I receive a 403 Forbidden behavior, even though my claims seem to be present in the token. I've ensured that the token is not expired, and I can see the claims when I decode the JWT using jwt.io. However, I suspect that the claims are not being validated correctly in my Authorization policies.

Here's a snippet of my `Startup.cs` where I configure IdentityServer:

```csharp
services.AddIdentityServer()
    .AddInMemoryClients(Config.GetClients())
    .AddInMemoryApiResources(Config.GetApiResources())
    .AddInMemoryApiScopes(Config.GetApiScopes())
    .AddInMemoryIdentityResources(Config.GetIdentityResources())
    .AddDeveloperSigningCredential();
```

For the authorization, I've set up a requirement for a specific claim in my controller:

```csharp
using Microsoft.AspNetCore.Authorization;
using Microsoft.AspNetCore.Mvc;

[Authorize(Policy = "RequireCustomClaim")]
public class MySecureController : ControllerBase
{
    public IActionResult GetSecretData()
    {
        return Ok("This is protected data.");
    }
}
```

And in my `Startup.cs`, I defined the policy like this:

```csharp
services.AddAuthorization(options =>
{
    options.AddPolicy("RequireCustomClaim", policy => policy.RequireClaim("custom_claim_type"));
});
```

I've verified that the claim type matches what I've defined in the policy, but I still receive the forbidden response. To troubleshoot this, I've added logging and can see that the authorization middleware is indeed executing, but it's failing to match the claim when validating. I'm not sure if this is a configuration scenario with IdentityServer or if there's something wrong with how claims are being treated during the authentication process.

Any insights or suggestions for next steps to debug this would be greatly appreciated! I'm working on an application that needs to handle this. I'd really appreciate any guidance on this.
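A self-contained diagnostic for the situation described in the question, added here as an example and not code from the original post or from IdentityServer. It rebuilds the `ClaimsPrincipal` an API would see from a token, once with and once without the inbound claim-type renaming that `JwtSecurityTokenHandler` applies by default (`MapInboundClaims`), prints the claim types the authorization layer actually compares, and then evaluates the same `RequireCustomClaim` policy through `IAuthorizationService`, which is what `[Authorize(Policy = ...)]` does. The token, issuer, audience and claim values are constructed placeholders, and the program assumes package references to `System.IdentityModel.Tokens.Jwt`, `Microsoft.AspNetCore.Authorization`, `Microsoft.Extensions.DependencyInjection` and `Microsoft.Extensions.Logging` (or a `Microsoft.NET.Sdk.Web` project, which already provides them).

```csharp
using System;
using System.IdentityModel.Tokens.Jwt;
using System.Security.Claims;
using System.Threading.Tasks;
using Microsoft.AspNetCore.Authorization;
using Microsoft.Extensions.DependencyInjection;

// Added diagnostic, not code from the original question. Rebuilds the
// ClaimsPrincipal an API would see from a token (with and without the
// JwtBearer handler's default inbound claim-type mapping) and runs the same
// "RequireCustomClaim" policy against it.
public static class ClaimPolicyProbe
{
    public const string PolicyName = "RequireCustomClaim";
    public const string RequiredClaimType = "custom_claim_type"; // claim type from the question

    public static async Task Main()
    {
        // Constructed, unsigned (alg=none) token for offline testing only;
        // issuer, audience and claim values are hypothetical.
        var handler = new JwtSecurityTokenHandler();
        var token = new JwtSecurityToken(
            issuer: "https://localhost:5001",
            audience: "api1",
            claims: new[]
            {
                new Claim("sub", "alice"),            // in the default map -> ClaimTypes.NameIdentifier
                new Claim("role", "admin"),           // in the default map -> ClaimTypes.Role
                new Claim(RequiredClaimType, "true"), // not in the default map, type is kept as-is
            },
            expires: DateTime.UtcNow.AddMinutes(5));
        string jwt = handler.WriteToken(token);

        foreach (bool mapInbound in new[] { true, false })
        {
            ClaimsPrincipal user = ToPrincipal(jwt, mapInbound);
            Console.WriteLine($"MapInboundClaims = {mapInbound}");
            foreach (Claim c in user.Claims)
                Console.WriteLine($"  {c.Type} = {c.Value}");

            bool allowed = await PolicyAllows(user);
            Console.WriteLine($"  {PolicyName}: {(allowed ? "allowed" : "denied (403)")}");
        }
    }

    // Reads the token payload without validating it (diagnostic only) and
    // applies the same rename table JwtSecurityTokenHandler uses when
    // MapInboundClaims is true, so the printed types match what the
    // authorization middleware would compare against the policy.
    public static ClaimsPrincipal ToPrincipal(string jwt, bool mapInboundClaims)
    {
        var handler = new JwtSecurityTokenHandler();
        JwtSecurityToken parsed = handler.ReadJwtToken(jwt);

        var identity = new ClaimsIdentity(authenticationType: "Bearer");
        foreach (Claim c in parsed.Claims)
        {
            string type = c.Type;
            if (mapInboundClaims && handler.InboundClaimTypeMap.TryGetValue(c.Type, out string mapped))
                type = mapped;
            identity.AddClaim(new Claim(type, c.Value));
        }
        return new ClaimsPrincipal(identity);
    }

    // Evaluates the policy exactly as [Authorize(Policy = ...)] does, via
    // IAuthorizationService, so a mismatch between the claim type present on
    // the principal and the one the policy requires shows up here.
    public static async Task<bool> PolicyAllows(ClaimsPrincipal user)
    {
        var services = new ServiceCollection();
        services.AddLogging();
        services.AddAuthorization(options =>
            options.AddPolicy(PolicyName, policy => policy.RequireClaim(RequiredClaimType)));

        await using ServiceProvider provider = services.BuildServiceProvider();
        var authz = provider.GetRequiredService<IAuthorizationService>();
        AuthorizationResult result = await authz.AuthorizeAsync(user, resource: null, policyName: PolicyName);
        return result.Succeeded;
    }
}
```

Run it once with the constructed token to see the shape of the output, then paste a real access token from the application in place of `jwt` (the payload is only read, never validated, so this stays a local check). If `custom_claim_type` is printed here but the policy is denied in the running API, the principal the middleware builds differs from this one, and the JwtBearer configuration (`MapInboundClaims`, `TokenValidationParameters`) is the place to compare; if the claim is missing from the printed list, it was never in the access token presented to the API.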