The problem is that the claims are not added to the access token.
There are two tokens, the access token and the identity token.
When you want to add claims to the identity token, then you’ll have to configure the IdentityResource. If you want to add claims to the access token, then you’ll have to configure the ApiResource (or scope).
This should fix it for you:
public static IEnumerable<ApiResource> GetApiResources()
{
return new List<ApiResource>
{
new ApiResource("api1", "My API"),
new ApiResource("roles", "My Roles", new[] { "role" })
};
}
Make sure the client (postman) requests the roles
scope.
I did test it with the sample code from IdentityServer. In my setup I’ve added the role ‘TestUser’ to alice:
new TestUser
{
SubjectId = "1",
Username = "alice",
Password = "password",
Claims = new List<Claim> { new Claim("role", "TestUser") }
},
The Postman call, please note the requested scope:
The access token including the role claim: