It should really be either an array of roles or a single role because if there is just one role then the JWT token just includes it as a string. And really since custom roles have been introduced to security profiles we should probably not limit the type to ApiRole and instead allow either a string[] or string
Its currently:
This amounts to either:
It should really be either an array of roles or a single role because if there is just one role then the JWT token just includes it as a string. And really since custom roles have been introduced to security profiles we should probably not limit the type to ApiRole and instead allow either a string[] or string