I have a collection of SPA sites that pass the JWT to the ASP Web API backend, which verifies the token is valid and extracts some custom claims I’m inserting (using a rule) for permissions.
Sometime in the last few days my API has started complaining the users aren’t authorised. Long story short it looks like the access token no longer contains the custom claims. The API is validating the token OK but without the custom claims the [Authorize(Roles = )] attribute I’m using is rejecting the user.
I’d like to stress that in this time I’ve made no code changes so why this is suddenly happening after working perfectly for quite some time I have no idea. Any help greatly appreciated!