SenseNet / sn-client-dotnet

A .Net client for sensenet that makes it easy to use the REST API of the Content Repository.
https://www.sensenet.com/
GNU General Public License v2.0

GetCurrentUser cannot recognize the user #131

Open kavics opened 5 months ago

kavics commented 5 months ago

Problem: The current user is parsed from the JWT token's top-level property Subject as the userId. In some environments (e.g. integration tests) the JWT does not contain this property.

Solution: Parse the Payload.client_sub property, which is the user name in the following format: "builtin\admin", and load the user by this data.

For further information please check the comments below.

See the JWT token in this line of Repository.cs: https://github.com/SenseNet/sn-client-dotnet/blob/d1218c198451ac9850897592dff911c1dedafd5f/src/SenseNet.Client/Repository/Repository.cs#L586

var jwtSecurityToken = handler.ReadJwtToken(accessToken);

hashtagnulla commented 3 months ago

Partially resolved: when the claim "sub" is missing, we log the rest of the available claims in a warning entry.

It is strongly recommended to check the logs sometimes.
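
The claim fallback discussed in this issue, as an added example that is not the sn-client-dotnet code: read "sub" first, fall back to "client_sub", and emit a warning listing the claims that are present when both are missing. It assumes the System.IdentityModel.Tokens.Jwt package; the class and method names are hypothetical, and the tokens are constructed, unsigned samples.

```csharp
using System;
using System.IdentityModel.Tokens.Jwt;
using System.Linq;
using System.Security.Claims;

public static class CurrentUserClaimExample // hypothetical name, not from the project
{
    // Returns ("id", value) when "sub" is present, ("name", value) when only
    // "client_sub" is present, and (null, null) when neither claim exists.
    public static (string Kind, string Value) ResolveUserKey(string accessToken)
    {
        // ReadJwtToken only decodes the token; it does not verify the signature,
        // so the result is a lookup hint and the server still has to authorize.
        var jwt = new JwtSecurityTokenHandler().ReadJwtToken(accessToken);

        // Preferred: the top-level Subject ("sub"), used as the user id.
        if (!string.IsNullOrEmpty(jwt.Subject))
            return ("id", jwt.Subject);

        // Fallback: "client_sub" carries the user name, e.g. builtin\admin.
        var clientSub = jwt.Claims.FirstOrDefault(c => c.Type == "client_sub")?.Value;
        if (!string.IsNullOrEmpty(clientSub))
            return ("name", clientSub);

        // Neither claim: warn with the claim types that are present. Choice made
        // for this example: values are left out to keep token data out of logs.
        Console.Error.WriteLine("WARN: no 'sub' or 'client_sub' claim; present: " +
            string.Join(", ", jwt.Claims.Select(c => c.Type)));
        return (null, null);
    }

    // Builds an unsigned sample token (constructed test input).
    private static string BuildToken(params Claim[] claims) =>
        new JwtSecurityTokenHandler().WriteToken(new JwtSecurityToken(claims: claims));

    public static void Main()
    {
        var withSub = BuildToken(new Claim("sub", "1"));
        var withClientSub = BuildToken(new Claim("client_sub", @"builtin\admin"));
        var withNeither = BuildToken(new Claim("scope", "sensenet"));

        Console.WriteLine(ResolveUserKey(withSub));        // (id, 1)
        Console.WriteLine(ResolveUserKey(withClientSub));  // (name, builtin\admin)
        Console.WriteLine(ResolveUserKey(withNeither));    // (, ) plus a warning on stderr
    }
}
```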