I have an application made with .NET Core API, Keycloak and JWT Token.
The older version of Keycloak that I've been using so far, when it created the JWT Token it wrote the roles here on payload:
{
"user_roles": [
"offline_access",
"uma_authorization",
"admin",
"create-realm"
]
}
But now after I updated it, it's writing the roles here on payload:
{
"realm_access": {
"roles": [
"create-realm",
"teacher",
"offline_access",
"admin",
"uma_authorization"
]
},
}
And I need to know how to change this old code to the new one, to tell that don't look at user_roles
, but do look at realm_access
then to roles
.
public void AddAuthorization(IServiceCollection services)
{
services.AddAuthorization(options =>
{
options.AddPolicy("Administrator", policy => policy.RequireClaim("user_roles", "admin"));
options.AddPolicy("Teacher", policy => policy.RequireClaim("user_roles", "teacher"));
options.AddPolicy("Pupil", policy => policy.RequireClaim("user_roles", "pupil"));
options.AddPolicy(
"AdminOrTeacher",
policyBuilder => policyBuilder.RequireAssertion(
context => context.User.HasClaim(claim =>
claim.Type == "user_roles" && (claim.Value == "admin" || claim.Value == "teacher")
))
);
});
}
See Question&Answers more detail:os