Closed yunlang closed 3 months ago
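Hi, skoruba, I'm working hard to learn from the great work you've done. Today, I'd like to ask you about an issue I've been stuck on.
Here is the parsing of the token received after login. (HS256)
![image](https://github.com/skoruba/Duende.IdentityServer.Admin/assets/1518611/56a6728b-bee9-4bcb-a74f-4bdc787ec54b)
As you can see, the role exists inside the obtained token. (Admin)
But it doesn't exist inside the claims.
![image](https://github.com/skoruba/Duende.IdentityServer.Admin/assets/1518611/f2ddc996-1b43-4a7c-878d-4f284ff009ec)
As a result, the paragraph that validates the role keeps saying I don't have permission.
![image](https://github.com/skoruba/Duende.IdentityServer.Admin/assets/1518611/7549edc8-9ea2-4021-aad4-6c0ed5e4ad51)
I can't figure out which part to look at. Please help.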
```csharp
services.AddAuthentication(options =>
    {
        options.DefaultScheme = CookieAuthenticationDefaults.AuthenticationScheme;
        options.DefaultChallengeScheme = "oidc";
    })
    .AddCookie(options =>
    {
        options.Cookie.Name = siteConfiguration.CookieName;
    })
    .AddOpenIdConnect("oidc", options =>
    {
        options.Authority = siteConfiguration.IdentityServerBaseUrl;
        options.RequireHttpsMetadata = false;
        options.ClientId = siteConfiguration.ClientId;
        options.ClientSecret = siteConfiguration.ClientSecret;
        options.ResponseType = siteConfiguration.OidcResponseType;
        options.UsePkce = true;

        options.Scope.Clear();
        foreach (string scope in siteConfiguration.Scopes)
        {
            options.Scope.Add(scope);
        }

        options.GetClaimsFromUserInfoEndpoint = true;
        options.SaveTokens = true;

        options.TokenValidationParameters = new TokenValidationParameters
        {
            NameClaimType = siteConfiguration.TokenValidationClaimName,
            RoleClaimType = siteConfiguration.TokenValidationClaimRole
        };
    });

services.AddAuthorization(options =>
{
    options.AddPolicy(AuthorizationConsts.AdministrationPolicy,
        policy => policy.RequireRole(RoleTypes.Admin));

    options.AddPolicy(AuthorizationConsts.ManagerPolicy,
        policy => policy.RequireRole(
            RoleTypes.Admin,
            RoleTypes.Manager
        ));

    options.AddPolicy(AuthorizationConsts.LocalManagerPolicy,
        policy => policy.RequireRole(
            RoleTypes.Admin,
            RoleTypes.Manager,
            RoleTypes.LocalManager
        ));

    options.AddPolicy(AuthorizationConsts.UserPolicy,
        policy => policy.RequireRole(
            RoleTypes.Admin,
            RoleTypes.Manager,
            RoleTypes.LocalManager,
            RoleTypes.User
        ));
});
```