diff --git a/src/Umbraco.Web/Security/BackOfficeClaimsIdentityFactory.cs b/src/Umbraco.Web/Security/BackOfficeClaimsIdentityFactory.cs
index fbc24d2cd9..df31621462 100644
--- a/src/Umbraco.Web/Security/BackOfficeClaimsIdentityFactory.cs
+++ b/src/Umbraco.Web/Security/BackOfficeClaimsIdentityFactory.cs
@@ -25,8 +25,24 @@ namespace Umbraco.Web.Security
///
public override async Task CreateAsync(UserManager manager, T user, string authenticationType)
{
+ // TODO: This does not automatically apply claims from the User to the identity/ticket
+ // So how can we flow Claims from the external identity to this one?
+ // And can we do that without modifying the core? Can we replace the BackOfficeClaimsIdentityFactory easily? I don't actually think so...
+ // we would need to replace the whole user manager to do that... can that be done in v7?
+ // It could certainly be possible to just flow the Claims attached to user T to this identity
+ // Another hack would be to modify the user manager to "SupportsUserClaim" and have an in-memory store of user claims for the user id
+ // which would automatically be added with the base.CreateAsync.
+ // Another way would be to persist the extra claims with the OnExternalLogin call into the extra storage for the user
+ // and then implement SupportsUserClaim to extract the data from that extra storage. Not sure how backwards compat that is.
+
var baseIdentity = await base.CreateAsync(manager, user, authenticationType);
-
+
+ // now we can flow any custom claims that the actual user has currently assigned which could be done in the OnExternalLogin callback
+ foreach (var claim in user.Claims)
+ {
+ baseIdentity.AddClaim(new Claim(claim.ClaimType, claim.ClaimValue));
+ }
+
var umbracoIdentity = new UmbracoBackOfficeIdentity(baseIdentity,
user.Id,
user.UserName,
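Review bot: The loop at `foreach (var claim in user.Claims)` copies every claim on the user onto the back-office identity without filtering, and the comment above it says those claims may be assigned in the `OnExternalLogin` callback, which suggests they can originate from an external provider. Because `new Claim(claim.ClaimType, claim.ClaimValue)` uses the default issuer, a provider-supplied claim becomes indistinguishable from one issued locally. If its type matches one the back office reads for authorization (roles or similar, not visible in this hunk), it may be honoured as such. I would skip types already set by `base.CreateAsync`, e.g. `if (baseIdentity.HasClaim(c => c.Type == claim.ClaimType)) continue;`, or restrict the copy to an explicit allow-list of claim types, and state that rule in a short comment in place of the open-ended TODO block. The body of `CreateAsync` continues past the end of the hunk, so how `UmbracoBackOfficeIdentity` consumes these claims cannot be checked from here.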