[Bug] RoleClaimType is not added to ClaimsIdentity #1218

Closed
1 of 8 tasks
HWouters opened this issue May 26, 2021 · 3 comments
Labels: fixed, regression (regression between Microsoft Identity Web versions)


HWouters commented May 26, 2021

Which version of Microsoft Identity Web are you using?
This issue is only present in the latest version 1.11

Where is the issue?

  • Web app
    • Sign-in users
    • Sign-in users and call web APIs
  • Web API
    • Protected web APIs (validating tokens)
    • Protected web APIs (validating scopes)
    • Protected web APIs call downstream web APIs
  • Token cache serialization
    • In-memory caches
    • Session caches
    • Distributed caches
  • Other (please describe)

Is this a new or an existing app?
b. The app is in production and I haven't upgraded Microsoft Identity Web, but started seeing this issue.

Repro

    services.AddAuthentication(OpenIdConnectDefaults.AuthenticationScheme)
        .AddMicrosoftIdentityWebApp(options =>
        {
            Configuration.Bind("AzureAdB2C", options);
            options.TokenValidationParameters.NameClaimType = "email";
            options.TokenValidationParameters.RoleClaimType = "roles";
            options.Events ??= new OpenIdConnectEvents();
            options.Events.OnRedirectToIdentityProvider = OnRedirectToIdentityProvider;
        })
        .EnableTokenAcquisitionToCallDownstreamApi(scopes)
        .AddDistributedTokenCaches();

Expected behavior
"roles" is set as the RoleClaimType in the ClaimsIdentity (was working in v1.10)

Actual behavior
No matter what you configure in the TokenValidationParameters, the RoleClaimType is always: "http://schemas.microsoft.com/ws/2008/06/identity/claims/role"

@HWouters HWouters changed the title from "[Bug]" to "[Bug] RoleClaimType is not added to ClaimsIdentity" May 26, 2021
@jennyf19 jennyf19 added the regression (regression between Microsoft Identity Web versions) label May 26, 2021
@jennyf19 jennyf19 added the fixed label May 28, 2021
@jennyf19
Collaborator

thanks @HWouters this will go in the 1.12 release, scheduled for mid-late next week (week of June 1)

@jmprieur
Collaborator

jmprieur commented Jun 2, 2021

@HWouters this is fixed in 1.12.0 which released today

@jmprieur jmprieur closed this as completed Jun 2, 2021
@y2kbugger

@jennyf19 I think I still get this on current (and 1.10.0, 1.11.0, 1.12.0). My setup might be different, or I might be misunderstanding what these settings do.

I can say that the following settings have no effect on what comes out of the AuthenticationStateProvider (Microsoft.AspNetCore.Components.Server.ServerAuthenticationStateProvider):

    services
        .AddAuthentication(OpenIdConnectDefaults.AuthenticationScheme)
        .AddMicrosoftIdentityWebApp(options =>
        {
            Configuration.Bind("AzureAd", options);
            options.TokenValidationParameters.NameClaimType = "email";
            options.TokenValidationParameters.RoleClaimType = "roles";
        });
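
The effect discussed in this thread can be checked outside the app with plain `System.Security.Claims`. The following is an added example, not code from the issue or from Microsoft Identity Web: it builds one identity with `roles` as the role claim type and one with the default URI, and lists role-like claims the identity will not consult. The sample claims, the `UnmappedRoleClaims` helper and its list of role-like claim types are assumptions.

```csharp
using System;
using System.Linq;
using System.Security.Claims;

static class RoleClaimTypeCheck
{
    // Assumption: claim types commonly used to carry roles in tokens.
    static readonly string[] RoleLikeTypes = { "roles", "role", ClaimTypes.Role };

    // Constructed sample: claims as they would arrive from a token with "email" and "roles".
    static Claim[] SampleClaims() => new[]
    {
        new Claim("email", "alice@example.test"),
        new Claim("roles", "Admin"),
    };

    // Builds a principal whose identity uses the given name and role claim types.
    static ClaimsPrincipal Build(string nameType, string roleType) =>
        new ClaimsPrincipal(new ClaimsIdentity(SampleClaims(), "test", nameType, roleType));

    // Hypothetical diagnostic: role-like claims whose type differs from the
    // identity's RoleClaimType, i.e. claims that IsInRole will never look at.
    public static string[] UnmappedRoleClaims(ClaimsPrincipal user) =>
        user.Identities
            .SelectMany(id => id.Claims
                .Where(c => RoleLikeTypes.Contains(c.Type) && c.Type != id.RoleClaimType)
                .Select(c => $"{c.Type}={c.Value} (identity expects {id.RoleClaimType})"))
            .ToArray();

    static void Main()
    {
        // Role claim type as configured in the repro ("roles").
        var configured = Build("email", "roles");
        // Role claim type left at the default URI reported under "Actual behavior".
        var defaulted = Build("email", ClaimTypes.Role);

        foreach (var (label, user) in new[] { ("configured", configured), ("defaulted", defaulted) })
        {
            var id = (ClaimsIdentity)user.Identity;
            Console.WriteLine($"{label}: RoleClaimType={id.RoleClaimType}");
            Console.WriteLine($"  Name={id.Name} IsInRole(Admin)={user.IsInRole("Admin")}");
            foreach (var line in UnmappedRoleClaims(user))
                Console.WriteLine($"  unmapped: {line}");
        }
    }
}
```

`[Authorize(Roles = ...)]` relies on `IsInRole`, so an identity whose `RoleClaimType` does not match the token's role claim fails those checks even though the claim is present.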
