JWT contains the role names twice

I use the CredentialsAuthProvider and JwtAuthProvider (myGet SS 5.0).
Within the UserAuth Table, the user has two roles “A” and “B”. At the client side, I decode the JWT and update the UI according to the user roles. The JWT array field “roles” contains the roles but they are duplicated: “A,B,A,B”.

I didn’t touch the SS default handling. Any ideas where to track down the duplication?

The JwtAuthProvider calls IAuthRepository.GetRoles() to retrieve the roles for the user which it then combines with Roles on the UserSession which is no longer adding duplicates from this commit.

This change is available from v5 that’s now available on MyGet, please review v5 changes before upgrading.

Thank you very much!