Provide an IAuthorizationFilter to filter accepted scopes #849
Comments
|
See in particular this comment (#65 (comment)) on how to return a custom error message |
7 tasks
|
Included in 1.6.0 release. |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Is your feature request related to a problem? Please describe.
The current version of microsoft-identity-web provides the ScopesRequiredHttpContextExtensions.VerifyUserHasAnyAcceptedScope(HttpContext, String[]) Method to verify that the user authenticated in the web API has any of the accepted scopes.
This method must be called in the API methods you are implementing. In some situations this is a repeating activity with repeating code.
Describe the solution you'd like
I wanted to improve the situation by providing an IAuthorizationFilter decorator for API classes and methods like this:
I ended up using the existing code implemented for VerifyUserHasAnyAcceptedScope and came with this Gist.
I am wondering if such a technique could become a part of the library. Personally, it feels more natural using the attributes as suggested here.
Describe alternatives you've considered
Implement it by my own
Additional context
Reference issue #65
The text was updated successfully, but these errors were encountered: