Add support for custom token claims in BaseAuthController

Vadim Belov · Vadim Belov · commit c5a6588ade2a · 2026-01-27T11:41:41.000-08:00
Introduce virtual GetAdditionalTokenClaims method to allow derived controllers to add custom claims to authentication tokens. Update CreateAccessToken to include these claims in JWT generation. Add XML documentation for the new method.
diff --git a/Sources/EasyExtensions.AspNetCore.Authorization/Controllers/BaseAuthController.cs b/Sources/EasyExtensions.AspNetCore.Authorization/Controllers/BaseAuthController.cs
@@ -379,6 +379,17 @@ public virtual TimeSpan GetCookieExpirationTime()
             return TimeSpan.FromDays(30);
         }
 
+        /// <summary>
+        /// Retrieves additional token claims for the specified user to be included in authentication tokens.
+        /// </summary>
+        /// <param name="userId">The unique identifier of the user for whom to retrieve additional token claims.</param>
+        /// <returns>An enumerable collection of key-value pairs representing additional claims to be added to the user's
+        /// authentication token. The collection is empty if no additional claims are available.</returns>
+        public virtual IEnumerable<KeyValuePair<string, string>> GetAdditionalTokenClaims(Guid userId)
+        {
+            return [];
+        }
+
         private string CreateAccessToken(Guid userId, IEnumerable<string> roles)
         {
             return _tokenProvider.CreateToken(cb =>
@@ -388,6 +399,10 @@ private string CreateAccessToken(Guid userId, IEnumerable<string> roles)
                 {
                     cb.Add(ClaimTypes.Role, role);
                 }
+                foreach (var claim in GetAdditionalTokenClaims(userId))
+                {
+                    cb.Add(claim.Key, claim.Value);
+                }
                 return cb;
             });
         }

Original file line number	Diff line number	Diff line change
`@@ -379,6 +379,17 @@ public virtual TimeSpan GetCookieExpirationTime()`
`379`	`379`	`return TimeSpan.FromDays(30);`
`380`	`380`	`}`
`381`	`381`
	`382`	`+ /// <summary>`
	`383`	`+ /// Retrieves additional token claims for the specified user to be included in authentication tokens.`
	`384`	`+ /// </summary>`
	`385`	`+ /// <param name="userId">The unique identifier of the user for whom to retrieve additional token claims.</param>`
	`386`	`+ /// <returns>An enumerable collection of key-value pairs representing additional claims to be added to the user's`
	`387`	`+ /// authentication token. The collection is empty if no additional claims are available.</returns>`
	`388`	`+ public virtual IEnumerable<KeyValuePair<string, string>> GetAdditionalTokenClaims(Guid userId)`
	`389`	`+ {`
	`390`	`+ return [];`
	`391`	`+ }`
	`392`	`+`
`382`	`393`	`private string CreateAccessToken(Guid userId, IEnumerable<string> roles)`
`383`	`394`	`{`
`384`	`395`	`return _tokenProvider.CreateToken(cb =>`
`@@ -388,6 +399,10 @@ private string CreateAccessToken(Guid userId, IEnumerable<string> roles)`
`388`	`399`	`{`
`389`	`400`	`cb.Add(ClaimTypes.Role, role);`
`390`	`401`	`}`
	`402`	`+ foreach (var claim in GetAdditionalTokenClaims(userId))`
	`403`	`+ {`
	`404`	`+ cb.Add(claim.Key, claim.Value);`
	`405`	`+ }`
`391`	`406`	`return cb;`
`392`	`407`	`});`
`393`	`408`	`}`