Description
Is there an existing issue for this?
- I have searched the existing issues
Describe the bug
When I call options.ClaimActions.Remove("given_name") on an OpenIdConnectOptions, I do not get "given_name" as a claim. "given_name" is definitely in the JWT, and if I use options.MapInboundClaims = false, then "given_name" does show up in the claims, but it also disables any claim mappings that I have set.
Expected Behavior
"given_name" would be added to my identity's claims.
Steps To Reproduce
Call options.ClaimActions.Remove("given_name") when "given_name" is in the JWT.
Exceptions (if any)
No response
.NET Version
8
Anything else?
When I call options.ClaimActions.Remove("given_name"), I do see the "given_name" action removed from options.ClaimActions that is set by the constructor of OpenIdConnectOptions, but it doesn't seem to help, as "given_name" still does not show up in my claims, where "http://schemas.xmlsoap.org/ws/2005/05/identity/claims/givenname" is in my claims, but not my JWT.
I see that if I call Microsoft.IdentityModel.JsonWebTokens.JsonWebTokenHandler.DefaultInboundClaimTypeMap.Remove("given_name"), that it works and the "given_name" claim shows up, even without calling options.ClaimActions.Remove("given_name"). Is this the way this is expected to work? Shouldn't the call to ClaimActions.Remove take precedence over the default?
Ultimately, I want "given_name" to show up as a claim if it is in my JWT. What is the correct way to do this? I thought that it would be to call options.ClaimActions.Remove("given_name"), but maybe that is not how this feature was designed.
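The workaround described in this report, written out as a minimal Program.cs. This is an added example, not code from the issue author or the ASP.NET Core repository; the authority URL and client id are placeholders, and the claim-type logging in `OnTokenValidated` is an added diagnostic for checking which claim types actually reach the identity.

```csharp
using Microsoft.AspNetCore.Authentication.Cookies;
using Microsoft.AspNetCore.Authentication.OpenIdConnect;
using Microsoft.IdentityModel.JsonWebTokens;

var builder = WebApplication.CreateBuilder(args);

// Drop only the given_name entry from the default inbound map, so every other
// default mapping stays in place (unlike options.MapInboundClaims = false).
// Assumption: this must run before any OpenIdConnectOptions instance is created.
JsonWebTokenHandler.DefaultInboundClaimTypeMap.Remove("given_name");

builder.Services.AddAuthorization();
builder.Services
    .AddAuthentication(o =>
    {
        o.DefaultScheme = CookieAuthenticationDefaults.AuthenticationScheme;
        o.DefaultChallengeScheme = OpenIdConnectDefaults.AuthenticationScheme;
    })
    .AddCookie()
    .AddOpenIdConnect(options =>
    {
        options.Authority = "https://idp.example.test"; // placeholder
        options.ClientId = "example-client";            // placeholder
        options.ResponseType = "code";

        options.Events = new OpenIdConnectEvents
        {
            OnTokenValidated = ctx =>
            {
                var log = ctx.HttpContext.RequestServices
                    .GetRequiredService<ILoggerFactory>()
                    .CreateLogger("ClaimTypes");
                // Log claim types only, never values, to keep PII out of logs.
                foreach (var claim in ctx.Principal!.Claims)
                    log.LogInformation("claim type: {Type}", claim.Type);
                return Task.CompletedTask;
            }
        };
    });

var app = builder.Build();
app.UseAuthentication();
app.UseAuthorization();
app.MapGet("/", () => "ok").RequireAuthorization();
app.Run();
```

Any authorization policy or code that reads the long `http://schemas.xmlsoap.org/ws/2005/05/identity/claims/givenname` type needs updating once the short name is kept, because the claim will no longer arrive under that type.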