a). For some reason, the NuGet Package By default, the following claims are included in the
If there are some claims missing, you must either add a custom
Thanks to this statement, two new claims will be added to the UserIdentity. For more information, please refer to the official documentation: https://learn.microsoft.com/en-us/aspnet/core/security/authentication/claims?view=aspnetcore-8.0#mapping-claims-using-openid-connect-authentication
b). In all other Identity Server implementations, such as Keycloak, the
c). If you use the statement above, there is no need to write a custom
Hello!
I am currently testing the new functionality with multi-value scopes.
Please note that when I return one role claim everything works fine.
What I have done so far is add 2 claims with key "role" to the user.
In the client service registration, I have used ClaimActions.MapAll(); and in the scope request I added a scope "role".
So in principle, in the claims I have a result => "role" : [xxx-global-admin,yyy-global-admin]
Right now I am getting:
RolesAuthorizationRequirement: User.IsInRole must be true for one of the following roles: (xxx-global-admin)
So my questions are the following:
a) Is this normal behaviour?
b) Would it be better if the role claim in the access token and user info response was a repeatable key like the aud claim?
```csharp
options.Events = new CookieAuthenticationEvents()
{
    OnValidatePrincipal = async context =>
    {
        await Task.CompletedTask;
    }
};
```
c) Do I need to write a custom IsInRole function validation to work with the current implementation?
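An added example, not code from this thread or from the project discussed: it shows how `ClaimsPrincipal.IsInRole` treats a multi-valued "role" when the array is kept as one claim versus expanded into one claim per role, which is what questions a) to c) turn on. The payload is constructed, the helper names `Build` and `Expand` are hypothetical, and it is an assumption that the role claim type is "role" and that the poster's claims arrive in the single-claim form.

```csharp
using System;
using System.Collections.Generic;
using System.Linq;
using System.Security.Claims;
using System.Text.Json;

const string RoleType = "role"; // assumed role claim type

// Constructed sample payload with a multi-valued "role" key.
const string payload =
    "{\"sub\":\"42\",\"role\":[\"xxx-global-admin\",\"yyy-global-admin\"]}";

using JsonDocument doc = JsonDocument.Parse(payload);
JsonElement role = doc.RootElement.GetProperty(RoleType);

// Case 1: the whole array ends up as ONE claim whose value is raw JSON text.
ClaimsPrincipal flat = Build(new[] { new Claim(RoleType, role.GetRawText()) });

// Case 2: the array is expanded into one claim per role.
ClaimsPrincipal expanded = Build(Expand(role));

foreach (var (label, user) in new[]
         {
             ("single JSON-array claim", flat),
             ("one claim per role", expanded)
         })
{
    Console.WriteLine($"{label}: " +
        $"xxx={user.IsInRole("xxx-global-admin")}, " +
        $"yyy={user.IsInRole("yyy-global-admin")}");
}

// The fourth constructor argument tells IsInRole which claim type holds roles.
ClaimsPrincipal Build(IEnumerable<Claim> claims) =>
    new(new ClaimsIdentity(claims, "demo", "name", RoleType));

// Accepts either a single string or an array of strings; ignores anything else.
IEnumerable<Claim> Expand(JsonElement value) => value.ValueKind switch
{
    JsonValueKind.Array => value.EnumerateArray()
        .Where(e => e.ValueKind == JsonValueKind.String)
        .Select(e => new Claim(RoleType, e.GetString()!)),
    JsonValueKind.String => new[] { new Claim(RoleType, value.GetString()!) },
    _ => Array.Empty<Claim>()
};
```

`IsInRole` does an exact match on claim values of the identity's role claim type, so authorization checks written against role names only pass when each role is its own claim and the role claim type matches the key the provider sends.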