I have an application made with .NET Core API, Keycloak and JWT Token.
The older version of Keycloak that I've been using so far, when it created the JWT Token it wrote the roles here on payload:
{
"user_roles": [
"offline_access",
"uma_authorization",
"admin",
"create-realm"
]
}
But now after I updated it, it's writing the roles here on payload:
{
"realm_access": {
"roles": [
"create-realm",
"teacher",
"offline_access",
"admin",
"uma_authorization"
]
},
}
And I need to know how to change this old code to the new one, to tell that don't look at user_roles
, but do look at realm_access
then to roles
.
public void AddAuthorization(IServiceCollection services)
{
services.AddAuthorization(options =>
{
options.AddPolicy("Administrator", policy => policy.RequireClaim("user_roles", "admin"));
options.AddPolicy("Teacher", policy => policy.RequireClaim("user_roles", "teacher"));
options.AddPolicy("Pupil", policy => policy.RequireClaim("user_roles", "pupil"));
options.AddPolicy(
"AdminOrTeacher",
policyBuilder => policyBuilder.RequireAssertion(
context => context.User.HasClaim(claim =>
claim.Type == "user_roles" && (claim.Value == "admin" || claim.Value == "teacher")
))
);
});
}
See Question&Answers more detail:
os 与恶龙缠斗过久,自身亦成为恶龙;凝视深渊过久,深渊将回以凝视…