
.net core 3 - b2c roles auth - claim injection not working

I'm trying to inject a custom claim to the AzureB2C claim to get role based authorisation working.

The dev stack is:

VS2019 Preview 16.3 - .net Core 3.0 Preview 9 - Blazor Server-side. Azure App Service. B2C Email+LinkedIn.

https://blog.denious.net/azure-b2c-role-based-authorization-part-1/

It seems this should work, but at least in .net core 3 it doesn't.

I have also modified the suggested solution to rather use OpenIDConnect scheme and event:

    services.PostConfigure<OpenIdConnectEvents>(AzureADB2CDefaults.OpenIdScheme,
        options =>
        {
            options.OnTokenValidated = context =>
            {
                // since we're using AADB2C only, the first identity is the only identity
                var identity = context.Principal.Identities.First();

                Trace.WriteLine("Inside OnTokenResponseReceived");

                // add our test role to the identity's claims collection with the right type
                var extraClaim = new Claim(identity.RoleClaimType, "Extra");
                identity.AddClaim(extraClaim);

                return Task.CompletedTask;
            };
        });

It seems that OnTokenValidated never fires for either JwtBearerEvents or OpenIdConnectEvents - despite me clearly being logged in and authn having worked.

I finally managed to get this working using the IClaimsTransformation approach from https://davidwalschots.com/how-to-add-additional-claims-to-the-httpcontext-user/

I'd be happy to hear from anybody if there are any gotchas, warnings, etc. with this approach.
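A sketch of the IClaimsTransformation approach mentioned above, added here as an example and not taken from the original post or the linked article. `IRoleLookup`, `MyRoleLookup`, the marker claim type and the choice of user-id claim are assumptions; the guards address the fact that the framework may call `TransformAsync` more than once for the same principal.

```csharp
using System.Security.Claims;
using System.Threading.Tasks;
using Microsoft.AspNetCore.Authentication;

// Hypothetical role source; back it with your own store (database, directory, ...).
public interface IRoleLookup
{
    Task<string[]> GetRolesAsync(string userId);
}

public sealed class RoleClaimsTransformation : IClaimsTransformation
{
    // Marker claim type constructed for this example; it makes repeated calls no-ops.
    private const string MarkerType = "urn:example:roles-added";
    private readonly IRoleLookup _roles;

    public RoleClaimsTransformation(IRoleLookup roles) => _roles = roles;

    public async Task<ClaimsPrincipal> TransformAsync(ClaimsPrincipal principal)
    {
        // Never attach roles to an anonymous principal.
        if (principal.Identity?.IsAuthenticated != true) return principal;

        // TransformAsync can run several times; do not stack duplicate role claims.
        if (principal.HasClaim(c => c.Type == MarkerType)) return principal;

        // Assumption: the stable user id arrives as NameIdentifier after claim mapping.
        // Key roles on that id, not on a display name or e-mail address.
        var userId = principal.FindFirst(ClaimTypes.NameIdentifier)?.Value;
        if (string.IsNullOrEmpty(userId)) return principal;

        // Work on a copy so the incoming principal is left untouched.
        var clone = principal.Clone();
        var identity = (ClaimsIdentity)clone.Identity;
        foreach (var role in await _roles.GetRolesAsync(userId))
            identity.AddClaim(new Claim(identity.RoleClaimType, role));
        identity.AddClaim(new Claim(MarkerType, "1"));
        return clone;
    }
}

// Registration in Startup.ConfigureServices (MyRoleLookup is hypothetical):
//   services.AddScoped<IRoleLookup, MyRoleLookup>();
//   services.AddScoped<IClaimsTransformation, RoleClaimsTransformation>();
```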
