0 Replies - 1449 Views - Last Post: 22 October 2020 - 08:39 AM

#1 fearfulsc2

JWT Multiple Roles/Claims Design Help

Posted 22 October 2020 - 08:39 AM

Hi everyone, I am trying to implement a JWT authentication/authorization scheme for SSO API calls.

We have one server that issues the token with that user's specific claims.

I have to change our microservices to allow JWT along with the expected issuer/audience and key so that the token can at least be validated.

I have that part working and I am able to add Policies and test for a certain case.

The issue I am having is making this more dynamic.

For example, a token can give a user these claims:

    "Healthcare": "dbo",
    "Telecom": "dbo",
    "Graphic Arts": "dbo",
    "Healthcare": "dbo"
    // these are part of the bigger json with the rest of the claims and other info such as issuer and audience and expiration



And in the startup, I can do something like:

    services.AddAuthorization(options =>
    {
        options.AddPolicy("IT", policy => policy.RequireClaim("IT"));
        options.AddPolicy("TelecomDbo", policy => policy.RequireClaim("Telecom", "dbo"));
        options.AddPolicy("HealthcareDbo", policy => policy.RequireClaim("Healthcare", "dbo"));
    });



And then in the controller I can do something like:

    [HttpGet]
    [Authorize(Policy = "TelecomDbo")]
    [Route("poke")]
    public IActionResult Poke()
    {
        return Ok("Ouch!");
    }



And if the user has that claim, it works.

I am trying to figure out how to design this for the 10s/100s of roles and groups users can be part of. For example, each one of those things, such as Telecom, can have many roles, and each of those things would have the same roles but for different offices, essentially.

Has anyone worked on something similar? Otherwise, I would have to add hundreds of Policies (which is a lot of bloat code) and then I would have to keep adding the policy checks in the controller (also bloat code). How would you go about this?

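One way to avoid registering hundreds of policies is a custom IAuthorizationPolicyProvider that builds the RequireClaim policy on demand from the policy name. The following is an added example, not code from the original post; it assumes ASP.NET Core 3.1 or later and a naming convention of "ClaimType:Value" (for example "Telecom:dbo") that is chosen here, not part of the framework.

```csharp
using System.Threading.Tasks;
using Microsoft.AspNetCore.Authorization;
using Microsoft.Extensions.Options;

// Resolves policy names of the assumed form "Telecom:dbo" into a policy that
// requires claim type "Telecom" with value "dbo". A bare name such as "IT"
// only requires that a claim of that type be present in the validated token.
public sealed class ClaimPolicyProvider : IAuthorizationPolicyProvider
{
    private readonly DefaultAuthorizationPolicyProvider _fallback;

    public ClaimPolicyProvider(IOptions<AuthorizationOptions> options)
    {
        // Keep the statically registered policies (and default/fallback) working.
        _fallback = new DefaultAuthorizationPolicyProvider(options);
    }

    public Task<AuthorizationPolicy> GetDefaultPolicyAsync() => _fallback.GetDefaultPolicyAsync();

    public Task<AuthorizationPolicy> GetFallbackPolicyAsync() => _fallback.GetFallbackPolicyAsync();

    public async Task<AuthorizationPolicy> GetPolicyAsync(string policyName)
    {
        // Anything registered through AddPolicy() wins, so existing policies keep their meaning.
        var registered = await _fallback.GetPolicyAsync(policyName);
        if (registered != null) return registered;

        var parts = policyName.Split(':', 2);
        var claimType = parts[0].Trim();
        // Returning null makes the framework reject the request with "policy not found"
        // rather than silently allowing it.
        if (claimType.Length == 0) return null;

        var builder = new AuthorizationPolicyBuilder().RequireAuthenticatedUser();
        // RequireClaim(type, values) is an exact, case-sensitive match on the claim value,
        // so "dbo" and "DBO" are different roles unless the issuer normalises them.
        return parts.Length == 2 && parts[1].Trim().Length > 0
            ? builder.RequireClaim(claimType, parts[1].Trim()).Build()
            : builder.RequireClaim(claimType).Build();
    }
}

// Registration in Startup.ConfigureServices:
//   services.AddSingleton<IAuthorizationPolicyProvider, ClaimPolicyProvider>();
// Controller usage, with no AddPolicy() entry needed per role:
//   [Authorize(Policy = "Telecom:dbo")]
//   [Authorize(Policy = "Healthcare:dbo")]
```

Only claims from a token that already passed issuer, audience, signature and expiry validation reach this provider, so the dynamic policy does not loosen authentication; it only decides which of those validated claims the endpoint needs.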