OutboundClaimTypeMap

Maria Furman edited this page Aug 29, 2018 · 1 revision

By default, the JwtSecurityTokenHandler performs outbound claim type mapping when creating a new JwtSecurityToken.

For example, if you have the following set of claims:

var claims = new List<Claim>
{
    new Claim(ClaimTypes.NameIdentifier, "myid"),
    new Claim(ClaimTypes.Email, "myemail")
};

// Input claims:
// [0] { Type = "http://schemas.xmlsoap.org/ws/2005/05/identity/claims/nameidentifier", Value = "myid"}
// [1] { Type = "http://schemas.xmlsoap.org/ws/2005/05/identity/claims/emailaddress", Value = "myemail"}

When these claims are passed into the JwtSecurityTokenHandler.CreateJwtSecurityToken() (or CreateToken()) method:

var handler = new JwtSecurityTokenHandler();
var token = handler.CreateJwtSecurityToken(
    issuer: issuer, 
    audience: audience, 
    subject: new ClaimsIdentity(claims), // claims are passed in here
    notBefore: notBefore,
    expires: expires,
    issuedAt: issuedAt,
    signingCredentials: signingCredentials,
    encryptingCredentials: encryptingCredentials);

This results in the following claims being found in the newly created JwtSecurityToken:

// Output token.Claims:
// [0] { Type = "nameid", Value = "myid" }
// [1] { Type = "email", Value = "myemail" }

If this behavior is not desirable, there are two ways that you can disable it. If you would like to disable this behavior for a particular instance of the JwtSecurityTokenHandler, simply call:

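// Keep a reference to the handler so the cleared map is the one used to create tokens.
var handler = new JwtSecurityTokenHandler();
handler.OutboundClaimTypeMap.Clear();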

However, if you would like to disable this feature for all instances of JwtSecurityTokenHandler you can do the following:

JwtSecurityTokenHandler.DefaultOutboundClaimTypeMap.Clear();

NOTE: This behavior does not occur if the token is created using the JwtSecurityToken constructor directly.

var token = new JwtSecurityToken(
    issuer: issuer,
    audience: audience,
    claims: claims,
    notBefore: DateTime.Now,
    expires: expires,
    signingCredentials: signing);
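
The following is an added example, not code from this wiki or from the library's own samples. It compares the claim types emitted by a default handler with those from a handler whose map was cleared, and checks whether a handler constructed before the static map is cleared is affected by that clear. The issuer and audience values and the names OutboundMapDemo and EmittedTypes are constructed for illustration; it assumes the System.IdentityModel.Tokens.Jwt package is referenced and that each handler copies the default map when it is constructed.

```csharp
using System;
using System.Collections.Generic;
using System.IdentityModel.Tokens.Jwt;
using System.Linq;
using System.Security.Claims;

static class OutboundMapDemo
{
    // Creates an unsigned token from the page's two sample claims and returns
    // the claim types the handler actually wrote for them.
    static string[] EmittedTypes(JwtSecurityTokenHandler handler)
    {
        var claims = new List<Claim>
        {
            new Claim(ClaimTypes.NameIdentifier, "myid"),
            new Claim(ClaimTypes.Email, "myemail")
        };
        var token = handler.CreateJwtSecurityToken(
            issuer: "https://issuer.example",   // constructed value
            audience: "https://api.example",    // constructed value
            subject: new ClaimsIdentity(claims));
        // Skip iss/aud/time claims; keep only the two sample claims, matched by value.
        return token.Claims
            .Where(c => c.Value == "myid" || c.Value == "myemail")
            .Select(c => c.Type)
            .ToArray();
    }

    static void Main()
    {
        var mapped = new JwtSecurityTokenHandler();      // default outbound mapping
        var unmapped = new JwtSecurityTokenHandler();
        unmapped.OutboundClaimTypeMap.Clear();           // this instance only

        Console.WriteLine("default map: " + string.Join(", ", EmittedTypes(mapped)));
        Console.WriteLine("cleared map: " + string.Join(", ", EmittedTypes(unmapped)));

        // Ordering check for the static map: one handler is built before the
        // clear and one after, then each instance's own map size is reported.
        var before = new JwtSecurityTokenHandler();
        JwtSecurityTokenHandler.DefaultOutboundClaimTypeMap.Clear();
        var after = new JwtSecurityTokenHandler();
        Console.WriteLine("built before static clear, entries: " + before.OutboundClaimTypeMap.Count);
        Console.WriteLine("built after static clear, entries:  " + after.OutboundClaimTypeMap.Count);
    }
}
```

Whichever option is used, the code that validates the token and makes authorization decisions has to look up claims by the same type strings the issuer emitted.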