Identityserver4.admin: How to handle multiple roles for same user and Authorize an api

Created on 5 Nov 2018 · 8 Comments · Source: skoruba/IdentityServer4.Admin

Hello Skoruba,
Thanks for this nice project, it helps a lot.

But I am having two issues:

  1. How can I allow multiple roles for a single user? This comes in handy when I have more than one application where users share the login. I tried to implement it, but it ends up on the access denied page, failing to authorize the user.
  2. What is the best way to authorize the API? I tried to implement it, but it works only for the first minute; after the first minute the API loses access, preventing the user from accessing the API, and the refresh token is invalid and throws an error when I try to renew the access token using the refresh token.

All 8 comments

Hey @Munde,
1.) Have you inspected the token, to see if it contains a list of roles as you requested from IS4? Btw: did you mean adding more roles to a single user via the view /Identity/UserRoles?
2.) I highly recommend taking a look at the Samples of IdentityServer4 - there are a lot of great examples of how to work with an API.

Here: https://github.com/IdentityServer/IdentityServer4.Samples
Sorry - I accidentally closed it from my mobile. :))

Yes, I mean multiple roles via identity/UserRoles, so that a user may possess two or more roles and I can authorize using one or more roles in the application, like

```csharp
[Authorize(Roles="SkorubaAdministrator,SuperAdmin,Customer")]
```

When I assign more than one role to the user, I end up getting access denied.

[image: roles]

Like this: when I assign multiple roles, it keeps only the first role and discards the other roles.

Could you please check the User object and claims - if the roles are part of these claims?
Does your client ask for roles in scope?
Thanks!

Yes, my client asks for role as a part of its scope. When I assign a single role it works as expected, but when I add multiple roles to the same user I end up getting this error:

[image: internal server error]

And these are the settings in my AddOpenId:

[image: capture]

I tried both using

```csharp
options.ClaimActions.MapUniqueJsonKey("role", "role","roles");
```

and

```csharp
options.ClaimActions.MapUniqueJsonKey("role", "role","role");
```

Still I get the above error.

OK, I will check it later.
Thanks for reporting

We have been able to solve it by adding this piece of code on option.Events

```csharp
// Needs: System.Collections.Generic, System.Security.Claims, IdentityModel, Newtonsoft.Json.Linq
OnUserInformationReceived = async context =>
{
    // "role" is a single string for one role and an array for several roles.
    if (context.User.TryGetValue(JwtClaimTypes.Role, out JToken role))
    {
        var claims = new List<Claim>();
        if (role.Type != JTokenType.Array)
        {
            claims.Add(new Claim(JwtClaimTypes.Role, (string)role));
        }
        else
        {
            // Add one claim per role in the array.
            foreach (var r in role)
                claims.Add(new Claim(JwtClaimTypes.Role, (string)r));
        }
        var id = context.Principal.Identity as ClaimsIdentity;
        id.AddClaims(claims);
    }
}
```
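An added example, not code from this thread or from the IdentityServer4.Admin project: a stand-alone console program showing that a `role` value arriving as a string (one role) or as an array (several roles) becomes one claim per role, and that `IsInRole`, which `[Authorize(Roles = ...)]` relies on, then matches each assigned role. It uses System.Text.Json instead of the Json.NET `JToken` used above; the class name, the sample payloads and the `"constructed-demo"` authentication type are assumptions.

```csharp
// Added example: stand-alone console check, no IdentityServer needed.
using System;
using System.Collections.Generic;
using System.Linq;
using System.Security.Claims;
using System.Text.Json;

static class RoleClaimDemo
{
    // Turns the "role" member of a userinfo payload into one claim per role.
    // The member is a JSON string for one role and a JSON array for several.
    public static IEnumerable<Claim> RoleClaims(string userInfoJson)
    {
        using var doc = JsonDocument.Parse(userInfoJson);
        if (!doc.RootElement.TryGetProperty("role", out var role))
            return Array.Empty<Claim>();

        var items = role.ValueKind == JsonValueKind.Array
            ? role.EnumerateArray().ToArray()
            : new[] { role };

        // Keep only string entries; ToList() materializes before doc is disposed.
        return items.Where(e => e.ValueKind == JsonValueKind.String)
                    .Select(e => new Claim("role", e.GetString()))
                    .ToList();
    }

    public static ClaimsPrincipal Build(string userInfoJson)
    {
        // roleType "role" is what makes IsInRole read the claims added here.
        var id = new ClaimsIdentity("constructed-demo", "name", "role");
        id.AddClaims(RoleClaims(userInfoJson));
        return new ClaimsPrincipal(id);
    }

    static void Main()
    {
        // Constructed sample payloads: one role as a string, two roles as an array.
        var single = Build("{\"sub\":\"1\",\"role\":\"Customer\"}");
        var multi = Build("{\"sub\":\"2\",\"role\":[\"SuperAdmin\",\"Customer\"]}");

        Console.WriteLine($"single Customer: {single.IsInRole("Customer")}");
        Console.WriteLine($"multi SuperAdmin: {multi.IsInRole("SuperAdmin")}");
        Console.WriteLine($"multi Customer: {multi.IsInRole("Customer")}");
        Console.WriteLine($"multi SkorubaAdministrator: {multi.IsInRole("SkorubaAdministrator")}");
    }
}
```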
