It would be extremely useful to see a real-world example of how DynamicClaims work. Is this feasible, or have I missed an existing example?
Thank you!
15 Answer(s)
-
0
Hi,
Can you check these links:
1. https://github.com/abpframework/abp/issues/18060
2. https://docs.abp.io/en/abp/latest/Dynamic-Claims
Thanks.
-
0
Okay, I MIGHT be able to figure things out with this, but a simple, straightforward example would be helpful.
Your official documents show how to configure everything for dynamic claims, but not how to use it. Can you put a straightforward example here, or provide a very basic project to show usage?
Thank you!
-
0
Hello,
There isn't any specific example, but you can refer to this: https://github.com/abpframework/abp/issues/8620
ABP's dynamic claims feature is used to automatically and dynamically override the configured claim values in the client's authentication token/cookie by the latest values of these claims.
Thanks
-
0
You really think that's a helpful link? Frustrating.
-
0
Sorry for the inconvenience. I will check again and get back to you.
-
0
Hello,
I second the request for a working example for Dynamic Claims. I have followed the instructions to enable dynamic claims in HttpApi.Host, but am at a loss as to how to get this to work in the Angular front end.
In my case, the ABP backend (with the embedded OpenIddict auth server) changes the user's role based on payment for a subscription. The issue is that the ABP front-end, which uses Angular, has a JWT token with the old role and the token doesn't reflect the change until I log out and log back in. The documentation indicates that the user role is a dynamic claim but I am not sure how this works.
Please provide an example or additional documentation on how Dynamic Claims can be enabled with an Angular front end.
Thank you!
-
0
Hi,
> Please provide an example or additional documentation on how Dynamic Claims can be enabled with an Angular front end.

Angular can only get the latest claims by refreshing.
The /api/abp/application-configuration endpoint will respond to the latest states.
-
0
> Hello,
> I second the request for a working example for Dynamic Claims. I have followed the instructions to enable dynamic claims in HttpApi.Host, but am at a loss as to how to get this to work in the Angular front end.
> In my case, the ABP backend (with the embedded OpenIddict auth server) changes the user's role based on payment for a subscription. The issue is that the ABP front-end, which uses Angular, has a JWT token with the old role and the token doesn't reflect the change until I log out and log back in. The documentation indicates that the user role is a dynamic claim but I am not sure how this works.
> Please provide an example or additional documentation on how Dynamic Claims can be enabled with an Angular front end.
> Thank you!

Matt, would you be willing to share your implementation here? Thank you!
-
0
Hi, I just tried calling the application-configuration endpoint from Postman before and after a role change, but the auth / grantedPolicies are not changing. I'm running ABP 8.0.2 commercial.
"auth": { "grantedPolicies": { }
If I restart HttpApi.Host, the grantedPolicies are updated.
I followed the instructions to upgrade my code in XXXHttpApiHostModule.cs:
```csharp
private void ConfigureAuthentication(ServiceConfigurationContext context)
{
    context.Services.ForwardIdentityAuthenticationForBearer(OpenIddictValidationAspNetCoreDefaults.AuthenticationScheme);
    // Enable dynamic claims
    context.Services.Configure<AbpClaimsPrincipalFactoryOptions>(options =>
    {
        options.IsDynamicClaimsEnabled = true;
        //options.RemoteRefreshUrl = configuration["AuthServerUrl"] + options.RemoteRefreshUrl;
    });
}
```
```csharp
// ...
app.UseUnitOfWork();
app.UseDynamicClaims();
app.UseAuthorization();
```
Please advise.
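The before/after check described in the post above, sketched as an added example (not code from the thread or from ABP): it compares the role claim carried in the access token with what /api/abp/application-configuration reports, and diffs auth.grantedPolicies between two responses. The claim name role, the currentUser.roles field, and all sample values are assumptions constructed for illustration.

```javascript
// Diagnostic only: the payload is decoded without verifying the signature,
// so the result must never drive an authorization decision.
function decodeJwtPayload(token) {
  const segment = token.split(".")[1];
  if (!segment) throw new Error("not a JWT");
  const b64 = segment.replace(/-/g, "+").replace(/_/g, "/");
  return JSON.parse(Buffer.from(b64, "base64").toString("utf8"));
}

// The role claim may be one string or an array ("role" is an assumed claim name).
function tokenRoles(token) {
  const role = decodeJwtPayload(token).role;
  return role === undefined ? [] : [].concat(role);
}

// Roles still present in the token that the server no longer reports.
function staleRoles(token, config) {
  const current = new Set((config.currentUser && config.currentUser.roles) || []);
  return tokenRoles(token).filter((r) => !current.has(r));
}

// Policies granted in one application-configuration response but not the other.
function policyDrift(before, after) {
  const granted = (c) => Object.keys(c.auth.grantedPolicies)
    .filter((k) => c.auth.grantedPolicies[k]);
  const a = granted(before), b = granted(after);
  return {
    revoked: a.filter((k) => !b.includes(k)).sort(),
    granted: b.filter((k) => !a.includes(k)).sort(),
  };
}

// ---- Constructed sample data (not taken from the thread) ----
const enc = (o) => Buffer.from(JSON.stringify(o)).toString("base64")
  .replace(/\+/g, "-").replace(/\//g, "_").replace(/=+$/, "");
const sampleToken = [enc({ alg: "RS256", typ: "JWT" }),
  enc({ sub: "user-1", role: "subscriber" }), "constructed-signature"].join(".");
const beforeChange = {
  auth: { grantedPolicies: { "Reports.View": true, "Reports.Export": true } },
  currentUser: { roles: ["subscriber"] },
};
const afterChange = {
  auth: { grantedPolicies: { "Reports.View": true } },
  currentUser: { roles: ["guest"] },
};

console.log("stale roles in token:", staleRoles(sampleToken, afterChange));
console.log("policy drift:", policyDrift(beforeChange, afterChange));
```

When two responses captured around a role change produce an empty drift and no stale roles, the server is still reporting the old state, which places the problem on the backend rather than in the Angular client.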
-
0
>> Hello,
>> I second the request for a working example for Dynamic Claims. I have followed the instructions to enable dynamic claims in HttpApi.Host, but am at a loss as to how to get this to work in the Angular front end.
>> In my case, the ABP backend (with the embedded OpenIddict auth server) changes the user's role based on payment for a subscription. The issue is that the ABP front-end, which uses Angular, has a JWT token with the old role and the token doesn't reflect the change until I log out and log back in. The documentation indicates that the user role is a dynamic claim but I am not sure how this works.
>> Please provide an example or additional documentation on how Dynamic Claims can be enabled with an Angular front end.
>> Thank you!
>
> Matt, would you be willing to share your implementation here? Thank you!

Sorry, I can only share code snippets. It's a project for a client (NDA).
-
0
> Hi, I just tried calling the application-configuration endpoint from Postman before and after a role change, but the auth / grantedPolicies are not changing. I'm running ABP 8.0.2 commercial.
> "auth": { "grantedPolicies": { }
> If I restart HttpApi.Host, the grantedPolicies are updated.
> I followed the instructions to upgrade my code in XXXHttpApiHostModule.cs:
> ```csharp
> private void ConfigureAuthentication(ServiceConfigurationContext context)
> {
>     context.Services.ForwardIdentityAuthenticationForBearer(OpenIddictValidationAspNetCoreDefaults.AuthenticationScheme);
>     // Enable dynamic claims
>     context.Services.Configure<AbpClaimsPrincipalFactoryOptions>(options =>
>     {
>         options.IsDynamicClaimsEnabled = true;
>         //options.RemoteRefreshUrl = configuration["AuthServerUrl"] + options.RemoteRefreshUrl;
>     });
> }
> ```
> ```csharp
> // ...
> app.UseUnitOfWork();
> app.UseDynamicClaims();
> app.UseAuthorization();
> ```
> Please advise.

On the server, I change the user's role based on their subscription status. Here is the code:
```csharp
var user = await _identityUserManager.GetByIdAsync(sub.CreatorId!.Value);
await _identityUserManager.SetRolesAsync(user, GUEST);
```
Note: _identityUserManager is Volo.Abp.Identity.IdentityUserManager
As indicated, the role change was not taking effect unless I restart the HttpApi.Host. I originally thought it was caching and tried setting a short SlidingExpiration for GlobalCacheEntryOptions with no luck.
I was only able to get this to work for my use case by updating the security timestamp on the user to reset all tokens/sessions.
```csharp
await _identityUserManager.UpdateSecurityStampAsync(user);
```
Fortunately, this fixes the issue without requiring the user to log out and log in.
I am happy to have this working, but is this the correct approach?
-
0
@maliming can we keep this thread going? I'm back on this and needing to implement this within the next week. Is mattw correct in his approach, and is there anything additional you can provide to make our development experience easier and more transparent in this matter? Thank you
-
0
I think this is not the best way; our framework doesn't require any extra work from you. However, there is a bug in our 8.0.x version; you can upgrade to the latest 8.0.x version for testing.
-
0
> I think this is not the best way; our framework doesn't require any extra work from you.
> However, there is a bug in our 8.0.x version; you can upgrade to the latest 8.0.x version for testing.

I'm sorry, but I have no idea what your response means. So I will ask it again:
Is there anything additional you can provide to make our development experience easier and more transparent in this matter?
-
0
Hi,
If you create a new template project, dynamic claims will work as expected.
The details are in the document: https://docs.abp.io/en/abp/latest/Dynamic-Claims