I would like to ask you for clarification when integrating IdentityServer 4 with ASP.NET Identity.

I am working with two database contexts. Microsoft.AspNetCore.Identity.EntityFrameworkCore.IdentityDbContext<IdentityUser> and IdentityServer4.EntityFramework.DbContexts.ConfigurationDbContext.

Identity Server 4 is using AspNetIdentity .AddAspNetIdentity<IdentityUser>().

So IdentityUser has IdentityUserClaims assigned, and they are properly reflected in the JWT token after successful authentication.

The question now is, what about the IdentityResource and IdentityClaim:UserClaim from the IdentityServer4 ConfigurationDbContext? As claims are now taken from ASP.NET Identity, this entity is not used at all. Am I right?

Another question is how ApiScopeClaims now come into play. They are still used by IdentityServer because of the ApiScope for which the token is issued, right? But now it's up to me to keep ApiScopeClaim and IdentityUserClaim in sync, and they are from different DB contexts.

The last question is regarding IdentityRoles and IdentityRoleClaims, which are not the same as IdentityUserClaims. What's the idea behind that? In my view, a role is a grouping of claims for a specific business role for easier management; therefore a role should not define new claims but reference a set of IdentityUserClaims. Additionally, I created a role, assigned it to a user, and assigned the corresponding claim types to a scope, and the result is that the claims which are assigned to the role (where the user has this role) are not included in the JWT. Why?

Thank you for your answers.

1 Answer

IdentityResource is a category or grouping of claims. Each IdentityResource can have many IdentityClaims, which are references to the actual claims held in AspNetUserClaims. The built-in IdentityResources are openid and profile.

ApiScopeClaims are part of the hierarchy of Api Resources (as opposed to the identity resources mentioned above.)

ApiResource --has many--> ApiScopes --has many--> ApiScopeClaims.

Adding a claim type to an ApiScopeClaim will attach an AspNetUserClaim (if one exists) to the access_token when the User makes a request to that ApiScope.

An IdentityRoleClaim (i.e. AspNetRoleClaim) is just a bit of information you can tack on regarding a particular role; it does not relate to a User, but just to the role itself.

Sounds like you want to create an IdentityResource for your logical grouping of claims, and then define those claim types in IdentityClaims. But you would need a way to first find out the user's role in order to request the appropriate IdentityResource in the scope parameter. Or implement one of the IdentityServer interfaces like IProfileService to do this kind of work on the IdentityServer instance.
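The IProfileService route the answer mentions, as an added example that is not part of the original question or answer and not code from the IdentityServer4 project: a profile service that merges a user's AspNetUserClaims with the claims of every AspNetRole the user belongs to, then lets IdentityServer filter them down to the claim types declared on the requested IdentityResource or ApiScope. It assumes the setup the question describes (IdentityServer4 with .AddAspNetIdentity<IdentityUser>() and the default IdentityRole); the class name RoleAwareProfileService, the resource name "roles" and the claim types "role" and "permission" are illustrative choices, not anything from the page.

```csharp
// Added example, not from the original post or the IdentityServer4 project.
// Assumes IdentityServer4 with ASP.NET Core Identity (IdentityUser/IdentityRole).
using System.Collections.Generic;
using System.Linq;
using System.Security.Claims;
using System.Threading.Tasks;
using IdentityServer4.Extensions;   // GetSubjectId()
using IdentityServer4.Models;
using IdentityServer4.Services;
using Microsoft.AspNetCore.Identity;

public class RoleAwareProfileService : IProfileService
{
    private readonly UserManager<IdentityUser> _users;
    private readonly RoleManager<IdentityRole> _roles;

    public RoleAwareProfileService(UserManager<IdentityUser> users,
                                   RoleManager<IdentityRole> roles)
    {
        _users = users;
        _roles = roles;
    }

    // Called whenever IdentityServer builds an id_token, access_token or
    // userinfo response for this subject.
    public async Task GetProfileDataAsync(ProfileDataRequestContext context)
    {
        var user = await _users.FindByIdAsync(context.Subject.GetSubjectId());
        if (user == null) return;

        // 1. The user's own AspNetUserClaims.
        var claims = new List<Claim>(await _users.GetClaimsAsync(user));

        // 2. One "role" claim per membership plus that role's AspNetRoleClaims,
        //    which the default ProfileService<TUser> does not pull in.
        foreach (var roleName in await _users.GetRolesAsync(user))
        {
            claims.Add(new Claim("role", roleName));
            var role = await _roles.FindByNameAsync(roleName);
            if (role != null)
                claims.AddRange(await _roles.GetClaimsAsync(role));
        }

        // 3. Drop duplicates (same type and value via user and via role).
        var unique = claims.GroupBy(c => (c.Type, c.Value)).Select(g => g.First());

        // 4. AddRequestedClaims keeps only the types listed on the requested
        //    IdentityResource / ApiScope, so the scope configuration stays
        //    authoritative over what ends up in the token.
        context.AddRequestedClaims(unique);
    }

    // Tokens for a deleted or locked-out account must stop being issued/refreshed.
    public async Task IsActiveAsync(IsActiveContext context)
    {
        var user = await _users.FindByIdAsync(context.Subject.GetSubjectId());
        context.IsActive = user != null && !await _users.IsLockedOutAsync(user);
    }
}

// Resource definitions: the claim types named here are the ones the profile
// service above is allowed to place in the token. "roles", "role" and
// "permission" are hypothetical names chosen for this example.
public static class IdentityServerSetup
{
    public static IEnumerable<IdentityResource> IdentityResources() => new IdentityResource[]
    {
        new IdentityResources.OpenId(),
        new IdentityResources.Profile(),
        new IdentityResource("roles", "Role memberships and role claims",
                             new[] { "role", "permission" })
    };
}

// In Startup.ConfigureServices, register AFTER AddAspNetIdentity so this
// service replaces the default ProfileService<IdentityUser>:
//
// services.AddIdentityServer()
//     .AddAspNetIdentity<IdentityUser>()
//     .AddInMemoryIdentityResources(IdentityServerSetup.IdentityResources())
//     .AddProfileService<RoleAwareProfileService>();
```

Two things to check when wiring this up: the client has to request the "roles" scope (or an ApiScope whose user claims include "role"/"permission"), otherwise AddRequestedClaims filters everything out, which is the symptom described in the question; and because role claims are resolved at token time, a claim added to a role takes effect on the next token, not on existing ones, so keep access-token lifetimes short if role claims gate sensitive operations.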