From dde49a8f0059022982014e9df44bddc75a0f76ab Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?K=C3=A9vin=20Chalet?= <kevinchalet@gmail.com>
Date: Tue, 20 Feb 2024 16:34:49 +0100
Subject: [PATCH] Don't include the OpenIddict private claims in the merged
 principal

---
 src/OpenIddict.Client/OpenIddictClientHandlers.cs | 6 ++++++
 1 file changed, 6 insertions(+)

diff --git a/src/OpenIddict.Client/OpenIddictClientHandlers.cs b/src/OpenIddict.Client/OpenIddictClientHandlers.cs
index 80ea70a6..8227a1e0 100644
--- a/src/OpenIddict.Client/OpenIddictClientHandlers.cs
+++ b/src/OpenIddict.Client/OpenIddictClientHandlers.cs
@@ -4061,6 +4061,12 @@ public static partial class OpenIddictClientHandlers
                             continue;
                         }
 
+                        // Ignore the OpenIddict private claims.
+                        if (claim.Type.StartsWith(Claims.Prefixes.Private, StringComparison.OrdinalIgnoreCase))
+                        {
+                            continue;
+                        }
+
                         identity.AddClaim(claim);
                     }
                 }