Comments (12)
They should - all roles that don't start with "IdentityServer" should go in the token.
from identityserver2.
Looks like a bug; it is actually including roles that do start with "identityServer" :)
public IEnumerable<string> GetRoles(string userName)
{
    var returnedRoles = new List<string>();
    if (Roles.Enabled)
    {
        var roles = Roles.GetRolesForUser(userName);
        returnedRoles = roles.Where(role => role.StartsWith(Constants.Roles.InternalRolesPrefix)).ToList();
    }
    return returnedRoles;
}
from identityserver2.
This is the right code:
protected virtual IEnumerable<string> GetRolesForToken(string userName)
{
    var returnedRoles = new List<string>();
    if (Roles.Enabled)
    {
        var roles = Roles.GetRolesForUser(userName);
        returnedRoles = roles.Where(role => !(role.StartsWith(Constants.Roles.InternalRolesPrefix))).ToList();
    }
    return returnedRoles;
}
in ProviderClaimsRepository.cs
from identityserver2.
Yes, was going to send a pull request but then you said to not bother until the beta :)
from identityserver2.
So I double-checked the code - it is working fine here.
from identityserver2.
Perhaps it hasn't updated on GitHub? The code here is incorrect: https://github.com/thinktecture/Thinktecture.IdentityServer.v2/blob/master/src/Libraries/Thinktecture.IdentityServer.Core.Repositories/ProviderUserRepository.cs
from identityserver2.
And you are looking at the wrong code.
This is the right file:
https://github.com/thinktecture/Thinktecture.IdentityServer.v2/blob/master/src/Libraries/Thinktecture.IdentityServer.Core.Repositories/ProviderClaimsRepository.cs
from identityserver2.
Yes, that file is correct. However, the instance of IUserRepository injected into ClaimsTransformer for me is of type ProviderUserRepository when requesting an OAuth2 token, not ProviderClaimsRepository.
from identityserver2.
The OAuth controller calls into sts.TryIssueToken. This ultimately invokes the logic in TokenService.cs - and this uses the claims repository. Put some breakpoints into TokenService.cs
from identityserver2.
You're right, it does call the ProviderClaimsRepository after calling ProviderUserRepository, I just hadn't stepped in that far. Why does it call Roles.GetRolesForUser twice?
from identityserver2.
There are two types of roles - the ones that start with IdentityServer are for internal use (authZ in the UI) - all the others are "for tokens".
from identityserver2.
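The split described in the comment above (internal "IdentityServer*" roles for UI authorization, every other role for the token) as a stand-alone added example; this is not IdentityServer v2's own code. It assumes the internal prefix is literally "IdentityServer", as the thread states (in the project that value lives in Constants.Roles.InternalRolesPrefix), and the role names and the RoleSplit class are constructed for illustration. It also adds the check a token service would want before issuing: fail closed if an internal role has leaked into the token set.

```csharp
// Added example, not IdentityServer v2 code. Models the two role views discussed in the thread.
using System;
using System.Collections.Generic;
using System.Linq;

public static class RoleSplit
{
    // Assumed value; the thread says internal roles start with "IdentityServer".
    // The project keeps this in Constants.Roles.InternalRolesPrefix.
    public const string InternalRolesPrefix = "IdentityServer";

    // Counterpart of ProviderUserRepository.GetRoles: only internal roles, used for authZ in the UI.
    public static IEnumerable<string> InternalRoles(IEnumerable<string> allRoles) =>
        allRoles.Where(r => r.StartsWith(InternalRolesPrefix, StringComparison.Ordinal));

    // Counterpart of ProviderClaimsRepository.GetRolesForToken: everything else goes into the token.
    public static IEnumerable<string> TokenRoles(IEnumerable<string> allRoles) =>
        allRoles.Where(r => !r.StartsWith(InternalRolesPrefix, StringComparison.Ordinal));

    // Defensive check before issuance: an internal role in the token set is a bug, so refuse to issue.
    public static void EnsureNoInternalRoles(IEnumerable<string> tokenRoles)
    {
        var leaked = tokenRoles
            .Where(r => r.StartsWith(InternalRolesPrefix, StringComparison.Ordinal))
            .ToList();
        if (leaked.Count > 0)
        {
            throw new InvalidOperationException(
                "Internal roles must not be issued in a token: " + string.Join(", ", leaked));
        }
    }

    public static void Main()
    {
        // Constructed sample of what Roles.GetRolesForUser(userName) might return for one user.
        var fromProvider = new[]
        {
            "IdentityServerAdministrators",
            "IdentityServerUsers",
            "Developers",
            "Sales"
        };

        var uiRoles = InternalRoles(fromProvider).ToList();
        var tokenRoles = TokenRoles(fromProvider).ToList();
        EnsureNoInternalRoles(tokenRoles);

        Console.WriteLine("UI roles:    " + string.Join(", ", uiRoles));
        Console.WriteLine("Token roles: " + string.Join(", ", tokenRoles));

        // Casing matters: StartsWith with an ordinal comparison is case-sensitive, so a role named
        // "identityServerUsers" (lowercase i) is not treated as internal and would end up in the token.
        // Keep role naming consistent with the prefix, or the filter silently lets the role through.
        var oddCasing = new[] { "identityServerUsers" };
        Console.WriteLine("Lowercase-prefix role treated as token role: " + TokenRoles(oddCasing).Any());
    }
}
```

The two filters are deliberately complements of one another, which is why the thread's TokenService ends up calling Roles.GetRolesForUser twice: once for the UI view and once for the token view. The ordinal comparison is made explicit here because the default string.StartsWith(string) overload is culture-sensitive; either way it is case-sensitive, so the casing of the prefix and of the role names must agree.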
Okay, thanks for clarifying, and your patience. I'll close the issue.
from identityserver2.