Not Receiving Email With .NET
Good Day,
I am trying to get email back with my claims and not figuring out how to get that working. I am signing in using an email address.
builder.Services.AddAuthentication(options =>
{
options.DefaultScheme = CookieAuthenticationDefaults.AuthenticationScheme;
options.DefaultChallengeScheme = OpenIdConnectDefaults.AuthenticationScheme;
})
.AddCookie()
.AddOpenIdConnect(options =>
{
builder.Configuration.Bind("Authentication:Schemes:OpenIdConnect", options);
options.Scope.Add("openid");
options.Scope.Add("profile");
options.Scope.Add("email");
options.Scope.Add("offline"); });
options.Scope.Add("profile");
options.Scope.Add("email");
options.Scope.Add("offline"); });
3 Replies
Hi Kovak,
Thanks for reaching out.
How are you integrating your .NET app to Kinde?
Are you using the Kinde .NET SDK? If so, what SDK version are you using?
Or some through API, or OpenID Connect?
Once we know more about your setup, we can help you troubleshoot this further.
Looking forward to hearing back from you.
I am using the OpenID Connect:
using Microsoft.AspNetCore.Authentication.OpenIdConnect;
Version 9.0.5
Hi there,
Thanks for providing the details.
I am taking this over since Oliver is on leave.
Looking at your ASP.NET OpenID Connect configuration, your scope setup appears correct for retrieving email claims. You're already adding the required scopes including
"email". However, there are a few configuration aspects to verify:
1. Verify your complete configuration - Make sure your appsettings.json includes the proper Kinde configuration:
"Authentication": {
"Schemes": {
"OpenIdConnect": {
"Authority": "<your_kinde_domain>",
"ClientId": "<your_client_id>",
"ClientSecret": "<your_client_secret>",
"MapInboundClaims": false,
"ResponseType": "code"
}
}
}
2. Check claim mapping - The "MapInboundClaims": false setting is important as it prevents ASP.NET from transforming the incoming claims.
3. Verify callback URL - Ensure your Kinde application has the correct callback URL configured, which should look like https://localhost:<local_port>/signin-oidc for local development.
4. Access the email claim - Once authenticated, you should be able to access the email claim from the user's identity in your controller or middleware.
The email information should be available in the ID token when the "email" scope is properly requested and your Kinde application is configured correctly. JWT claims in the payload section provide essential information about the user, including email when the appropriate scope is requested.
If you're still not seeing the email claim, verify that your Kinde application settings allow the email scope and that the user has an email address associated with their account.