fix: disable JWT inbound claim mapping for Zitadel sub claim

.NET remaps "sub" to a long URI claim type by default, causing
User.FindFirst("sub") to return null. MapInboundClaims=false
preserves the original claim names.

Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
2026-04-16 07:13:17 +00:00
parent 16a8bb1ae5
commit 2004883e02


@@ -20,6 +20,7 @@ builder.Services.AddAuthentication("Bearer")
{
options.Authority = builder.Configuration["Zitadel:Issuer"] ?? "https://auth.kuns.dev";
options.Audience = builder.Configuration["Zitadel:ClientId"] ?? "";
options.MapInboundClaims = false; // Prevent .NET from remapping "sub" to long URI
options.TokenValidationParameters = new Microsoft.IdentityModel.Tokens.TokenValidationParameters
{
ValidateIssuer = true,
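
Review bot: `options.MapInboundClaims = false;` on the added line turns off the mapping for every inbound claim, not only "sub", so any code that still reads `ClaimTypes.NameIdentifier`, `ClaimTypes.Role` or `User.Identity.Name`, or uses `[Authorize(Roles = ...)]`, will stop matching after this change. Please set `NameClaimType` (and `RoleClaimType`, if roles are used) in the `TokenValidationParameters` block that follows to the short claim names the token actually carries, and check the remaining call sites for the long URI types; the hunk shows only `ValidateIssuer = true`, so it is not visible here whether that is already done. The trailing comment could also say that all claims keep their original names, since "sub" is only the one that prompted the fix. Separately, on the context line `options.Audience = builder.Configuration["Zitadel:ClientId"] ?? "";` a missing setting silently becomes an empty audience; failing at startup when `Zitadel:ClientId` is absent would be safer than falling back to "".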