JWT Roles Not Populated Correctly

lucuma · October 21, 2022, 9:14pm

I have a JWT token that I’m generating via the SS tooling.

var body = JwtAuthProvider.CreateJwtPayload(new JobBoardSession {
        UserAuthId = user.Id,
        DisplayName =displayName,
        FullName = displayName,
        UserName = user.Email,
        Email = user.Email,
        Audiences = new List<string> { "blah" },
        IsAuthenticated = true,
        Company = companyId.ToString()
    },
    issuer: jwtProvider.Issuer,
    expireIn: jwtProvider.ExpireTokensIn,
    roles: user.Roles.Select(x => x.Name).ToList(),
    permissions: new List<string> { $"companyId:{companyId}" }
);

The JWT token has this:

 "roles": [
    "Super Admin"
  ],

When calling: jsession.PopulateFromMap(payload); with that token, the roles gets populated with “Super”,“Admin”. Not sure why. Is it expecting JSV?

This was working properly in 5.10, it was updated recently to 6.4.1.

Any ideas?

mythz · October 22, 2022, 12:07am

Please provide the source code for creating jsession and payload.

mythz · October 22, 2022, 1:08am

I was able to repro the issue using JwtAuthProvider.GetVerifiedJwtPayload() which should be resolved from this commit, this change is available from latest v6.4.1+ that’s now available on MyGet.