SimonSchneider / traefik-jwt-decode

Traefik forward auth implementation for JWT tokens
Apache License 2.0

Roles Validation #32

Open lrodriguez14 opened 2 years ago

lrodriguez14 commented 2 years ago

Just want to confirm that Roles Validation is not supported, right? Is there any chance to add this feature?

It would be great to validate the roles of the user to return an Ok or Error. For example, let's assume that I have 2 different users (Admin and NormalUser), and I want to access an application that only admins can use. If I send a token from the admin user that includes the admin role, it should return an Ok, and if I send a token from a NormalUser without the admin role, it should return an error.

SimonSchneider commented 2 years ago

Hi, currently roles validation is not supported.

I've been mulling this over and I think that it's out of scope for this project. Roles validation is a can of worms that can really add to the complexity and size of this project which I did not envision. If we start doing role validation we should most likely start doing it on path and on X and Y, etc. Therefore I'd argue role validation is out of scope, at least from my perspective.

Also, I, personally, feel better putting role validation in my actual services.
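Added example, not part of the thread and not code from traefik-jwt-decode: a sketch of the admin/NormalUser check from the request, done inside the service as the maintainer prefers. It assumes the forward-auth layer passes the token's roles to the service in a header; the header name `X-Auth-Roles`, its comma-separated format, and the helper names are hypothetical.

```go
package main

import (
	"fmt"
	"net/http"
	"net/http/httptest"
	"strings"
)

// rolesHeader is a hypothetical name. Assumption: the proxy sets it from the
// validated token and overwrites any copy sent by the client.
const rolesHeader = "X-Auth-Roles"

// hasRole matches whole entries only, so "administrator" never satisfies "admin".
func hasRole(values []string, want string) bool {
	for _, v := range values {
		for _, r := range strings.Split(v, ",") {
			if strings.TrimSpace(r) == want {
				return true
			}
		}
	}
	return false
}

// RequireRole fails closed: a missing or empty header means "no roles" and gets 403.
func RequireRole(role string, next http.Handler) http.Handler {
	return http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
		if !hasRole(r.Header.Values(rolesHeader), role) {
			http.Error(w, "forbidden", http.StatusForbidden)
			return
		}
		next.ServeHTTP(w, r)
	})
}

// statusFor sends one constructed request through the admin-only middleware.
func statusFor(roles string) int {
	ok := http.HandlerFunc(func(w http.ResponseWriter, _ *http.Request) { w.WriteHeader(http.StatusOK) })
	req := httptest.NewRequest(http.MethodGet, "/admin", nil)
	req.Header.Set(rolesHeader, roles)
	rec := httptest.NewRecorder()
	RequireRole("admin", ok).ServeHTTP(rec, req)
	return rec.Code
}

func main() {
	for _, roles := range []string{"user, admin", "user", "administrator", ""} {
		fmt.Printf("%q -> %d\n", roles, statusFor(roles))
	}
}
```

The check is only as trustworthy as the header: the service should be reachable only through the proxy, otherwise a client can set the roles header itself.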