Cannot see role in User.Identity object

gwhitdev · January 22, 2021, 1:11pm

Hello,
I have used the sample Asp.Net MVC Core app to integrate my auth. I can login/out and see user profile details etc but the role claim isn’t appearing in the User.Idenity object.

GitHub: MealSaverApp/MealSaverApp at main · gwhitdev/MealSaverApp · GitHub

I’ve created a rule
function setRolesToUser(user, context, callback) {
// Roles should only be set to verified users.
//
if (!user.email || !user.email_verified) {
return callback(null, user, context);
}

user.app_metadata = user.app_metadata || {};
// You can add a Role based on what you want
// In this case I check domain
const addRolesToUser = function (user) {
const endsWith = ‘@garethwhitley.online’;

if (
user.email &&
user.email.substring(
user.email.length - endsWith.length,
user.email.length
) === endsWith
) {
return [‘admin’];
}
return [‘user’];
};

  const roles = addRolesToUser(user);

  user.app_metadata.roles = roles;
  auth0.users
    .updateAppMetadata(user.user_id, user.app_metadata)
    .then(function () {
      context.idToken['https://mealsaverapp/roles'] = user.app_metadata.roles;
      callback(null, user, context);
    })
    .catch(function (err) {
      callback(err);
    });
}

I pre-populated the ‘admin’ role into two different users that I created and testing the rule shows the role appearing. However, when I run the app (locally and in Azure) the only claims I get are the ‘standard’ ones associated with the sample app. The NameClaimType comes through, but the RoleClaimType does not.

Any ideas?

gwhitdev · January 22, 2021, 1:43pm

Ok. So, I don’t know if this is actually THE solution, but somehow I’ve managed to get it to work.

I added another authentication scheme in the Startup.cs for JwtDefaults and then added .AddJwtBearer with the authority and audience as options and… now it works!

stephanie.chamblee · January 22, 2021, 8:47pm

Thanks for sharing your solution!