I am using ASP.NET Core with OpenIddict, JWT, Resource Owner Grant and claims-based role. Authorization without enforcing any policy is working as expected.
I want to enforce authorisation policies on some controllers and action methods. All my users have role claims, so I did the following in the Startup:
services.AddAuthorization(options =>
{
    // Policy named "Admin": succeeds only when the principal carries the required claim.
    options.AddPolicy("Admin", p => p.RequireClaim("Admin"));
});
And I did the following on the action method:
[Authorize("Admin")]
public async Task<string> Index()
{
return "Yes";
}
Without "Admin" I was able to access the resource; after adding "Admin" I can't.
I am assuming that this is because my generated JWT token doesn't have the user claims.
You need to request the roles scope for the roles to be copied in the access token (it may change in the future).
POST /connect/token HTTP/1.1
Host: server.example.com
Content-Type: application/x-www-form-urlencoded
grant_type=password&username=johndoe&password=A3ddj3w&scope=roles
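As an added example (not code from the question or the answer above), the following Python builds the password-grant form body with the roles scope and then inspects the payload of the returned JWT to confirm that a role claim actually arrived before blaming the authorization policy. The claim type `role` is an assumption here: it is the conventional OpenID Connect claim type, but the exact name depends on the server configuration, so check it against your own token. The sample token is constructed locally so the code runs offline; its signature segment is a placeholder.

```python
import base64
import json
from urllib.parse import urlencode


def build_token_request(username, password, scopes):
    """Form body for the Resource Owner Password grant.

    'roles' must be among the requested scopes for the role claims to be
    copied into the access token, as the answer above describes.
    """
    return urlencode({
        "grant_type": "password",
        "username": username,
        "password": password,
        "scope": " ".join(scopes),
    })


def _b64url_decode(segment):
    # JWT segments are base64url without padding; restore it before decoding.
    padding = "=" * (-len(segment) % 4)
    return base64.urlsafe_b64decode(segment + padding)


def _b64url_encode(data):
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode()


def jwt_payload(token):
    """Decode the payload segment of a compact JWT for inspection only.

    The signature is not checked here, so this tells you what the issuer
    put in the token; it must not be used to make authorization decisions.
    """
    parts = token.split(".")
    if len(parts) != 3:
        raise ValueError("not a compact JWS (expected header.payload.signature)")
    return json.loads(_b64url_decode(parts[1]))


def has_role(token, role, claim_type="role"):
    """True if the token's role claim (assumed type 'role') contains `role`.

    The claim may be a single string or a list when the user has several roles.
    """
    roles = jwt_payload(token).get(claim_type, [])
    if isinstance(roles, str):
        roles = [roles]
    return role in roles


def constructed_sample_token(payload):
    """Constructed sample token for offline demonstration: real header and
    payload encoding, placeholder signature. Not issued by any server."""
    header = _b64url_encode(json.dumps({"alg": "RS256", "typ": "JWT"}).encode())
    body = _b64url_encode(json.dumps(payload).encode())
    return f"{header}.{body}.placeholder-signature"


if __name__ == "__main__":
    print(build_token_request("johndoe", "A3ddj3w", ["roles"]))
    token = constructed_sample_token({"sub": "johndoe", "role": "Admin"})
    print(jwt_payload(token))
    print("Admin role present:", has_role(token, "Admin"))
```

Once the payload shows the role, check how the policy is phrased: `RequireClaim("Admin")` in the question requires a claim whose type is `Admin`, whereas a role value normally sits under the `role` claim type, so a policy of `RequireRole("Admin")` (or `RequireClaim("role", "Admin")`, if the inbound claim mapping keeps the type as-is) is what matches a token like the one decoded above.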