Closed akema-trebla closed 1 year ago
Hi @akema-trebla,
This looks like great progress. It would merge OK, but I'm thinking we should wait for the Blazor WASM part- what do your think?
Also, I have been working on updating claims in a Web API app using JWT Tokens and found a few things along the way. I will be releasing a small (two changes) release and be writing an article about what needed to update claims when using JWT Tokens.
Hi @JonPSmith
I agree. Let's wait for the Blazor WASM part and updating the claims for the JWT approach will be a great add.
Hi @akema-trebla,
OK. I'm away at the moment and I need to do some more tests on the JWT Token and its claims. When I have done that I'll let you know
Hi @akema-trebla,
I was working on a feature to alter the claims of a user in an application that uses the JWT token for authentication (this new features is needed if the application uses sharding). It didn't work because the default JWT token claims don't have the correct user's ID! This would also cause lots of other problems as getting the user's ID is key to how AuthP works.
After a lot of searching I found this stackoverflow answer which said I needed the command JwtSecurityTokenHandler.DefaultOutboundClaimTypeMap.Clear();
for the nameidentifier claim to have the correct user's Id. Here is the change I made to Example2's Program
class - see line 3 for the code below.
var jwtData = new JwtSetupData();
builder.Configuration.Bind("JwtData", jwtData);
JwtSecurityTokenHandler.DefaultOutboundClaimTypeMap.Clear(); //ADD THIS LINE
builder.Services.AddAuthentication(auth =>
{
auth.DefaultAuthenticateScheme = JwtBearerDefaults.AuthenticationScheme;
auth.DefaultChallengeScheme = JwtBearerDefaults.AuthenticationScheme;
auth.DefaultScheme = JwtBearerDefaults.AuthenticationScheme;
})
.AddJwtBearer(options =>
//... other code left out
I recommend you add the JwtSecurityTokenHandler.DefaultOutboundClaimTypeMap.Clear();
to your Example7.
NOTE: I'm still working on this in the dev
branch so you won't see this in the main
branch until I have finished this feature.
Hi @JonPSmith
Thanks for the heads up. Will do that.
Hi @akema-trebla,
I was working on a feature to alter the claims of a user in an application that uses the JWT token for authentication (this new features is needed if the application uses sharding). It didn't work because the default JWT token claims don't have the correct user's ID! This would also cause lots of other problems as getting the user's ID is key to how AuthP works.
After a lot of searching I found this stackoverflow answer which said I needed the command
JwtSecurityTokenHandler.DefaultOutboundClaimTypeMap.Clear();
for the nameidentifier claim to have the correct user's Id. Here is the change I made to Example2'sProgram
class - see line 3 for the code below.var jwtData = new JwtSetupData(); builder.Configuration.Bind("JwtData", jwtData); JwtSecurityTokenHandler.DefaultOutboundClaimTypeMap.Clear(); //ADD THIS LINE builder.Services.AddAuthentication(auth => { auth.DefaultAuthenticateScheme = JwtBearerDefaults.AuthenticationScheme; auth.DefaultChallengeScheme = JwtBearerDefaults.AuthenticationScheme; auth.DefaultScheme = JwtBearerDefaults.AuthenticationScheme; }) .AddJwtBearer(options => //... other code left out
I recommend you add the
JwtSecurityTokenHandler.DefaultOutboundClaimTypeMap.Clear();
to your Example7.NOTE: I'm still working on this in the
dev
branch so you won't see this in themain
branch until I have finished this feature.
@JonPSmith
Is this the only change I need to make or there have been some newer improvements since?
Thanks.
Hi @akema-trebla,
Yes, that is the only change I would recommend.
Working WebApi showing how to use AuthP in a Blazor application. This sample implements AuthP's example 4 Retail Shop.
Blazor WASM accompaniment app to follow.