Persist claim issuers in server side sessions

hosts/EntityFramework/Pages/Account/Login/Index.cshtml.cs

@@ -11,7 +11,6 @@
 using Microsoft.AspNetCore.Authorization;
 using Microsoft.AspNetCore.Mvc;
 using Microsoft.AspNetCore.Mvc.RazorPages;
-using static System.Runtime.InteropServices.JavaScript.JSType;
 
 namespace IdentityServerHost.Pages.Login;
 

src/Storage/Extensions/ClaimsPrincipalLiteExtensions.cs

@@ -19,7 +19,7 @@ public static class ClaimsPrincipalLiteExtensions
     /// </summary>
     public static ClaimsPrincipal ToClaimsPrincipal(this ClaimsPrincipalLite principal)
     {
-        var claims = principal.Claims.Select(x => new Claim(x.Type, x.Value, x.ValueType ?? ClaimValueTypes.String)).ToArray();
+        var claims = principal.Claims.Select(x => new Claim(x.Type, x.Value, x.ValueType ?? ClaimValueTypes.String, x.Issuer ?? ClaimsIdentity.DefaultIssuer)).ToArray();
         var id = new ClaimsIdentity(claims, principal.AuthenticationType, JwtClaimTypes.Name, JwtClaimTypes.Role);
 
         return new ClaimsPrincipal(id);
@@ -35,7 +35,9 @@ public static ClaimsPrincipalLite ToClaimsPrincipalLite(this ClaimsPrincipal pri
                 {
                     Type = x.Type,
                     Value = x.Value,
-                    ValueType = x.ValueType == ClaimValueTypes.String ? null : x.ValueType
+                    // Leave out default values, to avoid bloat
+                    ValueType = x.ValueType == ClaimValueTypes.String ? null : x.ValueType,
+                    Issuer = x.Issuer == ClaimsIdentity.DefaultIssuer ? null : x.Issuer
                 }).ToArray();
 
         return new ClaimsPrincipalLite

src/Storage/Stores/Serialization/ClaimLite.cs

@@ -11,4 +11,5 @@ public class ClaimLite
     public string Type { get; set; }
     public string Value { get; set; }
     public string ValueType { get; set; }
-}
+    public string Issuer { get; set; }
+}

test/IdentityServer.IntegrationTests/Hosting/ServerSideSessionTests.cs

@@ -21,6 +21,7 @@
 using Duende.IdentityServer;
 using Microsoft.AspNetCore.DataProtection;
 using Duende.IdentityServer.Extensions;
+using System.Security.Claims;
 
 namespace IntegrationTests.Hosting;
 
@@ -743,4 +744,24 @@ public async Task using_access_token_for_expired_session_should_fail()
             response.IsError.Should().BeTrue();
         }
     }
+
+
+    [Fact]
+    public async Task claim_issuers_should_be_persisted()
+    {
+        var claimWithCustomIssuer = new Claim("Test", "true", ClaimValueTypes.Boolean, "Custom Issuer");
+        var claimWithDefaultIssuer = new Claim("Test", "false", ClaimValueTypes.Boolean, ClaimsIdentity.DefaultIssuer);
+
+        var user = new IdentityServerUser("alice").CreatePrincipal();
+        user.Identities.First().AddClaim(claimWithCustomIssuer);
+        user.Identities.First().AddClaim(claimWithDefaultIssuer);
+
+        await _pipeline.LoginAsync(user);
+
+        var ticket = (await _sessionStore.GetSessionsAsync(new SessionFilter { SubjectId = "alice" })).Single()
+            .Deserialize(_protector, null);
+        var claims = ticket.Principal.Claims;
+        claims.Should().Contain(c => c.Issuer == "Custom Issuer" && c.Type == "Test");
+        claims.Should().Contain(c => c.Issuer == ClaimsIdentity.DefaultIssuer && c.Type == "Test");
+    }
 }