Should identity roles be included on default root user? #716
When requesting a token for the default "root" tenant admin user via swagger, I was expecting the decoded token to include "Admin" and "Basic" in the identity roles. Should they be there? What have I broken or missed?
Replies: 1 comment
These are the claims that are sent in the token:
https://github.com/fullstackhero/dotnet-webapi-boilerplate/blob/370dc7bb7a5c84af53ea37cdffa109060b07807e/src/Infrastructure/Identity/TokenService.cs#L110-L122

After logging in, you can retrieve the permissions via api/personal/permissions, which ultimately calls:
https://github.com/fullstackhero/dotnet-webapi-boilerplate/blob/370dc7bb7a5c84af53ea37cdffa109060b07807e/src/Infrastructure/Identity/UserService.Permissions.cs#L10-L29

On the client side, you should only look at permissions to enable/disable things, never roles. The roles are just an intermediary thing for more easily managing groups of permissions, but ultimately the permissions are the important thing and what should be checked against.
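
The advice in the reply above, as an added example that is not the project's own code: the UI is gated on the permissions returned by api/personal/permissions rather than on role claims in the token. The response shape (a JSON array of strings), the `role` claim name, the permission names and the stub server are assumptions.

```javascript
// Added example. Assumed (not from the page): the response is a JSON array of
// permission strings, the role claim is named "role", and all sample values.
// Buffer is Node's API; a browser client would decode with atob instead.
const PERMISSIONS_PATH = "api/personal/permissions"; // endpoint named in the reply

// Decode a JWT payload for inspection only; a client cannot verify the signature.
function decodeJwtPayload(token) {
  const part = token.split(".")[1];
  if (!part) throw new Error("not a JWT");
  const b64 = part.replace(/-/g, "+").replace(/_/g, "/");
  return JSON.parse(Buffer.from(b64, "base64").toString("utf8"));
}

// Role check against the token, the approach the reply advises against.
function hasRoleClaim(token, role) {
  return [].concat(decodeJwtPayload(token).role ?? []).includes(role);
}

// Load the caller's effective permissions; any failure yields an empty set.
async function loadPermissions(baseUrl, token, fetchImpl = fetch) {
  const res = await fetchImpl(new URL(PERMISSIONS_PATH, baseUrl), {
    headers: { Authorization: `Bearer ${token}` },
  });
  if (!res.ok) return new Set();
  const body = await res.json();
  return new Set(Array.isArray(body) ? body.filter((p) => typeof p === "string") : []);
}

// UI gate: enable a control only when every required permission is present.
// This only hides or shows UI; the API still has to enforce the permission.
function can(permissions, ...required) {
  return required.length > 0 && required.every((p) => permissions.has(p));
}

// Constructed, unsigned sample token with no role claim.
function makeSampleToken(payload) {
  const enc = (o) => Buffer.from(JSON.stringify(o)).toString("base64")
    .replace(/\+/g, "-").replace(/\//g, "_").replace(/=+$/, "");
  return `${enc({ alg: "none", typ: "JWT" })}.${enc(payload)}.`;
}
const SAMPLE_TOKEN = makeSampleToken({ sub: "constructed-user-id", tenant: "root" });

// Constructed stand-in for the API so the example runs offline.
const stubFetch = async (url, init) => ({
  ok: url.pathname === "/api/personal/permissions" &&
      init.headers.Authorization === `Bearer ${SAMPLE_TOKEN}`,
  json: async () => ["Permissions.Users.View", "Permissions.Roles.Update"],
});
```

With the sample token, `hasRoleClaim(SAMPLE_TOKEN, "Admin")` is false even though the permission set loaded for the same token enables the controls it covers.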