
ScopesAuthorizer does not find scope

Open bednart opened this issue 2 years ago • 1 comments

Hi, I'm trying to use the AllowedScopes array in the Ocelot config with only one value: "AllowedScopes": [ "access_as_user" ]

I'm using an Azure AD App Registration with a scope specified on the "Expose an API" tab, and there is an scp claim in the JWT access token once requested: "scp": "access_as_user"

The problem is that ScopesAuthorizer uses the built-in "scope" as the claim type, but access_as_user is in a claim with the "http://schemas.microsoft.com/identity/claims/scope" type, so it is not found and ScopesAuthorizer throws the error "no one user scope: '' match with some allowed scope: 'access_as_user'"

The question is: am I doing something wrong, or is the AllowedScopes array not usable for this use case?

Thanks, beda

bednart, Mar 07 '22 07:03

Hello @bednart ,

I faced a similar issue. Please check if you are using the Authentication middleware app.UseAuthentication() and/or JwtSecurityTokenHandler.DefaultInboundClaimTypeMap to map your scopes.

You may find more information here: https://ocelot.readthedocs.io/en/latest/features/authentication.html

vitorelli, Apr 29 '22 14:04
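
Added example, not part of either post and not Ocelot's own code: it reproduces the claim-type mismatch described in the issue using only `System.Security.Claims`, and shows one way to normalize the principal so that a check reading only `scope` claims succeeds. `HasAllowedScope` and `NormalizeScopes` are hypothetical helper names; the claim type strings are the ones quoted in the issue.

```csharp
using System;
using System.Linq;
using System.Security.Claims;

public static class ScopeClaimDemo
{
    const string ScopeType = "scope"; // claim type the issue says ScopesAuthorizer reads
    const string MappedScpType = "http://schemas.microsoft.com/identity/claims/scope";

    // Hypothetical stand-in for an authorizer that only looks at "scope" claims.
    public static bool HasAllowedScope(ClaimsPrincipal user, string[] allowed) =>
        user.Claims.Where(c => c.Type == ScopeType)
                   .Any(c => allowed.Contains(c.Value, StringComparer.Ordinal));

    // Hypothetical helper: copies scopes found under "scp" or the mapped URI
    // into individual "scope" claims. Azure AD puts multiple scopes into one
    // space-separated string, so the value is split before copying.
    public static ClaimsPrincipal NormalizeScopes(ClaimsPrincipal user)
    {
        var identity = new ClaimsIdentity(user.Claims, "Constructed");
        var scopes = user.Claims
            .Where(c => c.Type == "scp" || c.Type == MappedScpType)
            .SelectMany(c => c.Value.Split(' ', StringSplitOptions.RemoveEmptyEntries))
            .Distinct(StringComparer.Ordinal)
            .ToList();

        foreach (var scope in scopes)
        {
            if (!identity.HasClaim(ScopeType, scope))
                identity.AddClaim(new Claim(ScopeType, scope));
        }
        return new ClaimsPrincipal(identity);
    }

    public static void Main()
    {
        // Constructed principal: the scp value as it appears after inbound
        // claim type mapping, per the issue text.
        var user = new ClaimsPrincipal(new ClaimsIdentity(
            new[] { new Claim(MappedScpType, "access_as_user") }, "Constructed"));
        var allowed = new[] { "access_as_user" };

        Console.WriteLine($"before normalization: {HasAllowedScope(user, allowed)}");
        Console.WriteLine($"after normalization:  {HasAllowedScope(NormalizeScopes(user), allowed)}");
    }
}
```

In an ASP.NET Core host the same normalization could run inside an `IClaimsTransformation` implementation; whether that is picked up by a given Ocelot version is an assumption to verify.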