I'm using ASP.NET Core 1.1 and Identity Server 4. I've created a policy in my client Startup.cs that denies all non-verified email accounts the use of some sections of the website.
Here's the code of my policy:
    // Add policies
    services.AddAuthorization(authorizationOptions =>
    {
        authorizationOptions.AddPolicy(
            ApplicationGlobals.Policy_HasValidatedAccount,
            policyBuilder =>
            {
                policyBuilder.RequireAuthenticatedUser();
                // RequireClaim(claimType, params allowedValues): every argument
                // after the claim type is treated as an accepted claim value.
                policyBuilder.RequireClaim(JwtClaimTypes.EmailVerified, "true",
                    ClaimValueTypes.Boolean);
            });
    });
The question is: How can I refresh this EmailVerified claim AFTER the user has confirmed his account? The only way I found was to logout / login ...
If the information you are checking against is in the token, then yes the only way to get a new token is a new token request (aka authentication).
If you need something more dynamic, don't use data from a token.
https://leastprivilege.com/2016/12/16/identity-vs-permissions/
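One way to apply the answer's advice, as an added example that is not code from the question or the answer: the policy keeps `RequireAuthenticatedUser()` but replaces the token claim check with a requirement whose handler asks the authoritative store on every request. `IAccountStatusService`, `VerifiedEmailRequirement`, `VerifiedEmailHandler` and `MyAccountStatusService` are hypothetical names, and the code assumes the `sub` claim reaches the client unmapped.

```csharp
using System.Threading.Tasks;
using Microsoft.AspNetCore.Authorization;

// Hypothetical abstraction over the authoritative source of account state
// (the user database, or an API in front of it). Not part of any library.
public interface IAccountStatusService
{
    Task<bool> IsEmailVerifiedAsync(string subjectId);
}

// Marker requirement: "the account's email is verified right now".
public class VerifiedEmailRequirement : IAuthorizationRequirement { }

public class VerifiedEmailHandler : AuthorizationHandler<VerifiedEmailRequirement>
{
    private readonly IAccountStatusService _accounts;

    public VerifiedEmailHandler(IAccountStatusService accounts)
    {
        _accounts = accounts;
    }

    protected override async Task HandleRequirementAsync(
        AuthorizationHandlerContext context, VerifiedEmailRequirement requirement)
    {
        // Assumption: the subject id arrives as "sub". With the default inbound
        // JWT claim mapping it may appear as ClaimTypes.NameIdentifier instead.
        var subjectId = context.User.FindFirst("sub")?.Value;
        if (string.IsNullOrEmpty(subjectId))
        {
            return; // fail closed: requirement is never marked as succeeded
        }

        // Live lookup, so a confirmation takes effect without a new token.
        if (await _accounts.IsEmailVerifiedAsync(subjectId))
        {
            context.Succeed(requirement);
        }
    }
}

// Registration in Startup.ConfigureServices (MyAccountStatusService is yours):
//   services.AddScoped<IAccountStatusService, MyAccountStatusService>();
//   services.AddScoped<IAuthorizationHandler, VerifiedEmailHandler>();
//   services.AddAuthorization(o => o.AddPolicy(
//       ApplicationGlobals.Policy_HasValidatedAccount,
//       p => { p.RequireAuthenticatedUser();
//              p.AddRequirements(new VerifiedEmailRequirement()); }));
```

The same lookup also picks up a verification that is later revoked, which a claim baked into the token cannot do until the token is reissued.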