Open Closed

Relogin required to reflect permission change #559


User avatar
0
Jeremy created

We are using token based authorization for our project. Everytime we grant permissions to a user, he has to request for a new token to get the permissions, is this the right way to update user's permissions? Are there any advices to optimize the authorization process please?

  • ABP Framework version: v3.3.0
  • UI type: Angular
  • Tiered (MVC) or Identity Server Seperated (Angular): yes
  • Exception message and stack trace:
  • Steps to reproduce the issue:

3 Answer(s)
  • User Avatar
    0
    alper created
    Support Team Director

    the granted permissions are stored in the claims and as far as I know there's only 1 way to get the new claims, relogin.

  • User Avatar
    0
    Jeremy created

    We havent implement the realtime notification to notify the client for a relogin. Are there any others options ? Is relogin necessary for cookie based authorization as well?

  • User Avatar
    0
    alper created
    Support Team Director

    no need to relogin but needs page refresh to get the application-configuration. for MVC (cookie auth) , a page refresh is required to see the new permissions

Made with ❤️ on ABP v9.1.0-preview. Updated on November 11, 2024, 11:11