Open Closed

Dynamic Claims Example #6620


User avatar
0
it@keystonecustomhome.com created

It would be extremely useful to see a real-world example of how DynamicClaims work. is this feasible or have I missed an existing example?

Thank you!


15 Answer(s)
  • User Avatar
    0
    Anjali_Musmade created
    Support Team Support Team Member

    Hi,

    Can you check this links 1.https://github.com/abpframework/abp/issues/18060 2.https://docs.abp.io/en/abp/latest/Dynamic-Claims

    Thanks.

  • User Avatar
    0
    it@keystonecustomhome.com created

    okay, I MIGHT be able to figure things out with this but a simple straightforward example would be helpful.

    Your official documents show how to configure everything for dynamic claims, but not how to use it. can you put a straightforward example here will provide a very basic project to show usage?

    Thank you!

  • User Avatar
    0
    Anjali_Musmade created
    Support Team Support Team Member

    Hello,

    There is no any specific example but you can refer this https://github.com/abpframework/abp/issues/8620

    ABP's dynamic claims feature is used to automatically and dynamically override the configured claim values in the client's authentication token/cookie by the latest values of these claims.

    thanks

  • User Avatar
    0
    it@keystonecustomhome.com created

    you really think that's a helpful link? frustrating.

  • User Avatar
    0
    Anjali_Musmade created
    Support Team Support Team Member

    Sorry for your inconvenience I will check again and get back to you.

  • User Avatar
    0
    mattw@agilenova.com created

    Hello,

    I second the request for a working example for Dynamic Claims. I have followed the instructions to enable dynamic claims in HttpApi.Host, but am at a loss as to how to get this to work in the Angular front end.

    In my case, the ABP backend (with the embedded OpenIddict auth server) changes the user's role based on payment for a subscription. The issue is that the ABP front-end, which uses Angular, has a JWT token with the old role and the token doesn't reflect the change until I logout and log back in. The documentation indicates that the user role is a dynamic claim but I am not sure how this works.

    Please provide an example or additional documentation on how Dynamic Claims can be enabled with an Angular front end.

    Thank you!

  • User Avatar
    0
    maliming created
    Support Team Fullstack Developer

    hi

    Please provide an example or additional documentation on how Dynamic Claims can be enabled with an Angular front end.

    Angular can only get the latest claims by refreshing.

    The /api/abp/application-configuration endpoint will respond to the latest states.

  • User Avatar
    0
    it@keystonecustomhome.com created

    Hello,

    I second the request for a working example for Dynamic Claims. I have followed the instructions to enable dynamic claims in HttpApi.Host, but am at a loss as to how to get this to work in the Angular front end.

    In my case, the ABP backend (with the embedded OpenIddict auth server) changes the user's role based on payment for a subscription. The issue is that the ABP front-end, which uses Angular, has a JWT token with the old role and the token doesn't reflect the change until I logout and log back in. The documentation indicates that the user role is a dynamic claim but I am not sure how this works.

    Please provide an example or additional documentation on how Dynamic Claims can be enabled with an Angular front end.

    Thank you!

    Matt, would you be willing to share your implementation here? Thank you!

  • User Avatar
    0
    mattw@agilenova.com created

    Hi, I just tried calling the application-configuration endpoint from postman before and after a role change, but the auth / grantedPolicies are not changing. I'm running ABP 8.0.2 commercial.

    "auth": { "grantedPolicies": { }

    If I restart HttpApi.Host, the grantedPolicies are updated.

    I followed the instructions to upgrade my code in XXXHttpApiHostModule.cs: private void ConfigureAuthentication(ServiceConfigurationContext context) { context.Services.ForwardIdentityAuthenticationForBearer(OpenIddictValidationAspNetCoreDefaults.AuthenticationScheme); // Enable dynamic claims context.Services.Configure<AbpClaimsPrincipalFactoryOptions>(options => { options.IsDynamicClaimsEnabled = true; //options.RemoteRefreshUrl = configuration["AuthServerUrl"] + options.RemoteRefreshUrl; }); }

    ... app.UseUnitOfWork(); app.UseDynamicClaims(); app.UseAuthorization();

    Please advise.

  • User Avatar
    0
    mattw@agilenova.com created

    Hello,

    I second the request for a working example for Dynamic Claims. I have followed the instructions to enable dynamic claims in HttpApi.Host, but am at a loss as to how to get this to work in the Angular front end.

    In my case, the ABP backend (with the embedded OpenIddict auth server) changes the user's role based on payment for a subscription. The issue is that the ABP front-end, which uses Angular, has a JWT token with the old role and the token doesn't reflect the change until I logout and log back in. The documentation indicates that the user role is a dynamic claim but I am not sure how this works.

    Please provide an example or additional documentation on how Dynamic Claims can be enabled with an Angular front end.

    Thank you!

    Matt, would you be willing to share your implementation here? Thank you!

    Sorry, I can only share code snippets. It's a project for a client (NDA).

  • User Avatar
    0
    mattw@agilenova.com created

    Hi, I just tried calling the application-configuration endpoint from postman before and after a role change, but the auth / grantedPolicies are not changing. I'm running ABP 8.0.2 commercial.

    "auth": { "grantedPolicies": { }

    If I restart HttpApi.Host, the grantedPolicies are updated.

    I followed the instructions to upgrade my code in XXXHttpApiHostModule.cs: private void ConfigureAuthentication(ServiceConfigurationContext context) { context.Services.ForwardIdentityAuthenticationForBearer(OpenIddictValidationAspNetCoreDefaults.AuthenticationScheme); // Enable dynamic claims context.Services.Configure<AbpClaimsPrincipalFactoryOptions>(options => { options.IsDynamicClaimsEnabled = true; //options.RemoteRefreshUrl = configuration["AuthServerUrl"] + options.RemoteRefreshUrl; }); }

    ... app.UseUnitOfWork(); app.UseDynamicClaims(); app.UseAuthorization();

    Please advise.

    On the server, I change the user's role based on their subscription status. Here is the code: var user = await _identityUserManager.GetByIdAsync(sub.CreatorId!.Value); await _identityUserManager.SetRolesAsync(user, GUEST); Note: _identityUserManager is Volo.Abp.Identity.IdentityUserManager

    As indicated, the role change was not taking effect unless I restart the HttpApi.Host. I originally thought it was caching and tried setting a short SlidingExpiration for GlobalCacheEntryOptions with no luck.

    I was only able to get this to work for my use case by updating the security timestamp on the user to reset all tokens/sessions. await _identityUserManager.UpdateSecurityStampAsync(user); Fortunately, this fixes the issue without requiring the user to log out and log in.

    I am happy to have this working, but Is this the correct approach?

  • User Avatar
    0
    it@keystonecustomhome.com created

    @maliming can we keep this thread going? I'm back on this and needing to implement this within the next week. is mattw correct in his approach and is there anything additional you can provide to make our development experience easier and more transparent in this matter? thank you

  • User Avatar
    0
    maliming created
    Support Team Fullstack Developer

    I think this is not the best way, our framework doesn't require any extra work from you. However, there is a bug in our 8.0.x version, you can upgrade to the latest 8.0.x version for testing.

  • User Avatar
    0
    it@keystonecustomhome.com created

    I think this is not the best way, our framework doesn't require any extra work from you.
    However, there is a bug in our 8.0.x version, you can upgrade to the latest 8.0.x version for testing.

    I'm sorry, but I have no idea what your response means. So I will ask it again

    • is there anything additional you can provide to make our development experience easier and more transparent in this matter?*
  • User Avatar
    0
    maliming created
    Support Team Fullstack Developer

    hi

    If you create a new template project, dynamic claims will work as expected.

    The details exist on the document https://docs.abp.io/en/abp/latest/Dynamic-Claims

Made with ❤️ on ABP v9.1.0-preview. Updated on December 13, 2024, 06:09