Skip to content

fix: AzureApp RoleClaimType with IdentityProvider #2027

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Closed
mr-sven wants to merge 1 commit into from
Closed

fix: AzureApp RoleClaimType with IdentityProvider #2027

mr-sven wants to merge 1 commit into from

Conversation

@mr-sven
Copy link

@mr-sven mr-sven commented Jan 2, 2023

Adding option to set the default RoleClaimType via AppServicesAuthenticationOptions to use correct roles claim with Microsoft Identity Provider. Fixes #1983

Can be set via

builder.Services.Configure<AppServicesAuthenticationOptions>(AppServicesAuthenticationDefaults.AuthenticationScheme, options =>
{
    options.RoleClaimType = "roles";
});

@mr-sven
Copy link
Author

mr-sven commented Jan 2, 2023

@microsoft-github-policy-service agree

@mr-sven
fix: AzureApp RoleClaimType with IdentityProvider
da3c739 
Adding option to set the default RoleClaimType via
AppServicesAuthenticationOptions to use correct roles claim with
Microsoft Identity Provider.
@mr-sven mr-sven force-pushed the fix-web-app-role-claim branch from fc0907c to da3c739 Compare January 10, 2023 11:11
jmprieur
jmprieur approved these changes Feb 10, 2023
View reviewed changes
Copy link
Collaborator

@jmprieur jmprieur left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

LGTM
Thanks @mr-sven

@nis-spiir
Copy link

nis-spiir commented Mar 27, 2023

Would love to see this merged.

This should be the default when using AAD as IDP.
Seems to cause a lot of confusion (especially because none of the Microsoft Docs tells you that Role claim is mapped incorrectly, so much for "Easy" Auth 😛)

@nis-spiir nis-spiir mentioned this pull request Mar 27, 2023
Open
@jmprieur
Copy link
Collaborator

jmprieur commented Apr 2, 2023

Thanks @mr-sven for this PR, and for your patience.
I propose to take the fix in a simplified way, as, given Easy Auth is using AAD v2.0, the claim will always be "roles"
Proposed another PR: #2166

@jmprieur jmprieur closed this Apr 2, 2023
@jmprieur jmprieur mentioned this pull request Apr 2, 2023
Merged
@mr-sven mr-sven deleted the fix-web-app-role-claim branch April 3, 2023 18:24
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@jmprieur jmprieur jmprieur approved these changes

Assignees

No one assigned

Labels

App Services Auth

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

Azure App Service ClaimsIdentity.RoleClaimType wrong if using Microsoft Identity Provider

3 participants

@mr-sven @nis-spiir @jmprieur