Commit e3be8f6
committed
🔥 Remove redundant RoleClaimType from JwtBearer token validation
RoleClaimType only influences IsInRole() and [Authorize(Roles = ...)], neither
of which this platform uses. Authorization reads FindAll(ClaimTypes.Role), and
those claims are produced solely by RolesClaimsTransformation, which extracts
roles from the configured RolesClaim path (including nested paths such as
realm_access.roles) and normalizes them to ClaimTypes.Role. RoleClaimType does
not rename or emit claims, so setting it changed nothing. Drop it and document
why it stays unset.1 parent 7136310 commit e3be8f6
1 file changed
Lines changed: 5 additions & 2 deletions
Lines changed: 5 additions & 2 deletions
| Original file line number | Diff line number | Diff line change | |
|---|---|---|---|
| |||
43 | 43 | | |
44 | 44 | | |
45 | 45 | | |
46 | | - | |
47 | | - | |
| 46 | + | |
48 | 47 | | |
49 | 48 | | |
50 | 49 | | |
51 | 50 | | |
| 51 | + | |
| 52 | + | |
| 53 | + | |
| 54 | + | |
52 | 55 | | |
53 | 56 | | |
54 | 57 | | |
| |||
0 commit comments