From c85b7c13b10222bc2cc54f0b2ee77cf8c9272cd5 Mon Sep 17 00:00:00 2001 From: mehyaa Date: Mon, 31 May 2021 16:32:20 +0300 Subject: [PATCH 01/12] ScopesAuthorizer refactoring Scopes can be a space separated list in a single claim. Include this possibility on allowed scopes check. --- src/Ocelot/Authorization/ScopesAuthorizer.cs | 40 +++++++++++--------- 1 file changed, 23 insertions(+), 17 deletions(-) diff --git a/src/Ocelot/Authorization/ScopesAuthorizer.cs b/src/Ocelot/Authorization/ScopesAuthorizer.cs index a905fe86a..a233c1ae2 100644 --- a/src/Ocelot/Authorization/ScopesAuthorizer.cs +++ b/src/Ocelot/Authorization/ScopesAuthorizer.cs @@ -1,18 +1,13 @@ -using Ocelot.Infrastructure.Claims.Parser; +using Ocelot.Infrastructure.Claims.Parser; using Ocelot.Responses; using System.Security.Claims; - + namespace Ocelot.Authorization { public class ScopesAuthorizer : IScopesAuthorizer { + private const string ScopeClaimKey = "scope"; private readonly IClaimsParser _claimsParser; - private const string Scope = "scope"; - - public ScopesAuthorizer(IClaimsParser claimsParser) - { - _claimsParser = claimsParser; - } public Response Authorize(ClaimsPrincipal claimsPrincipal, List routeAllowedScopes) { @@ -21,21 +16,32 @@ public Response Authorize(ClaimsPrincipal claimsPrincipal, List ro return new OkResponse(true); } - var values = _claimsParser.GetValuesByClaimType(claimsPrincipal.Claims, Scope); + var userScopes = + claimsPrincipal.Claims + .Where(x => x.Type == ScopeClaimKey) + .Select(x => x.Value) + .ToArray(); - if (values.IsError) + if (userScopes.Length == 1) { - return new ErrorResponse(values.Errors); + var userScope = userScopes[0]; + + var hasMultipleValues = userScope.Contains(" "); + + if (hasMultipleValues) + { + userScopes = userScope.Split(" ", StringSplitOptions.RemoveEmptyEntries); + } + else + { + userScopes = new[] { userScope }; + } } - var userScopes = values.Data; - - var matchesScopes = routeAllowedScopes.Intersect(userScopes); - - if (!matchesScopes.Any()) + if (routeAllowedScopes.Any(s => !userScopes.Contains(s))) { return new ErrorResponse( - new ScopeNotAuthorizedError($"no one user scope: '{string.Join(',', userScopes)}' match with some allowed scope: '{string.Join(',', routeAllowedScopes)}'")); + new ScopeNotAuthorizedError($"User scopes: '{string.Join(",", userScopes)}' do not have all allowed scopes: '{string.Join(",", routeAllowedScopes)}'")); } return new OkResponse(true); From 5090cbc560286220c53a28bd553afc75ddc4164b Mon Sep 17 00:00:00 2001 From: mehyaa Date: Mon, 31 May 2021 16:45:12 +0300 Subject: [PATCH 02/12] Useless block removed --- src/Ocelot/Authorization/ScopesAuthorizer.cs | 4 ---- 1 file changed, 4 deletions(-) diff --git a/src/Ocelot/Authorization/ScopesAuthorizer.cs b/src/Ocelot/Authorization/ScopesAuthorizer.cs index a233c1ae2..4ebbd4b2f 100644 --- a/src/Ocelot/Authorization/ScopesAuthorizer.cs +++ b/src/Ocelot/Authorization/ScopesAuthorizer.cs @@ -32,10 +32,6 @@ public Response Authorize(ClaimsPrincipal claimsPrincipal, List ro { userScopes = userScope.Split(" ", StringSplitOptions.RemoveEmptyEntries); } - else - { - userScopes = new[] { userScope }; - } } if (routeAllowedScopes.Any(s => !userScopes.Contains(s))) From 63f89739a85f7545e6ea98775c1a33b9eb2679e7 Mon Sep 17 00:00:00 2001 From: Mehmet Yasin AKAR Date: Fri, 11 Aug 2023 15:20:16 +0300 Subject: [PATCH 03/12] Update ScopesAuthorizer.cs --- src/Ocelot/Authorization/ScopesAuthorizer.cs | 27 +++++++++++--------- 1 file changed, 15 insertions(+), 12 deletions(-) diff --git a/src/Ocelot/Authorization/ScopesAuthorizer.cs b/src/Ocelot/Authorization/ScopesAuthorizer.cs index 4ebbd4b2f..3e647c249 100644 --- a/src/Ocelot/Authorization/ScopesAuthorizer.cs +++ b/src/Ocelot/Authorization/ScopesAuthorizer.cs @@ -1,7 +1,7 @@ using Ocelot.Infrastructure.Claims.Parser; using Ocelot.Responses; using System.Security.Claims; - + namespace Ocelot.Authorization { public class ScopesAuthorizer : IScopesAuthorizer @@ -16,28 +16,31 @@ public Response Authorize(ClaimsPrincipal claimsPrincipal, List ro return new OkResponse(true); } - var userScopes = - claimsPrincipal.Claims - .Where(x => x.Type == ScopeClaimKey) - .Select(x => x.Value) - .ToArray(); + var scopesResponse = _claimsParser.GetValuesByClaimType(claimsPrincipal.Claims, Scope); + + if (scopesResponse.IsError) + { + return new ErrorResponse(scopesResponse.Errors); + } + + var scopes = scopesResponse.Data; - if (userScopes.Length == 1) + if (scopes.Count == 1) { - var userScope = userScopes[0]; + var scope = scopes[0]; - var hasMultipleValues = userScope.Contains(" "); + var hasMultipleValues = scopes.Contains(" "); if (hasMultipleValues) { - userScopes = userScope.Split(" ", StringSplitOptions.RemoveEmptyEntries); + scopes = scopes.Split(" ", StringSplitOptions.RemoveEmptyEntries).ToList(); } } - if (routeAllowedScopes.Any(s => !userScopes.Contains(s))) + if (routeAllowedScopes.Any(s => !scopes.Contains(s))) { return new ErrorResponse( - new ScopeNotAuthorizedError($"User scopes: '{string.Join(",", userScopes)}' do not have all allowed scopes: '{string.Join(",", routeAllowedScopes)}'")); + new ScopeNotAuthorizedError($"User scopes: '{string.Join(",", scopes)}' do not have all allowed scopes: '{string.Join(",", routeAllowedScopes)}'")); } return new OkResponse(true); From 3c9fc3d788cc90904c8c9628fee59e0f4420ae90 Mon Sep 17 00:00:00 2001 From: Mehmet Yasin AKAR Date: Fri, 11 Aug 2023 15:21:54 +0300 Subject: [PATCH 04/12] Fix ScopesAuthorizer --- src/Ocelot/Authorization/ScopesAuthorizer.cs | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/src/Ocelot/Authorization/ScopesAuthorizer.cs b/src/Ocelot/Authorization/ScopesAuthorizer.cs index 3e647c249..14bec33db 100644 --- a/src/Ocelot/Authorization/ScopesAuthorizer.cs +++ b/src/Ocelot/Authorization/ScopesAuthorizer.cs @@ -33,7 +33,7 @@ public Response Authorize(ClaimsPrincipal claimsPrincipal, List ro if (hasMultipleValues) { - scopes = scopes.Split(" ", StringSplitOptions.RemoveEmptyEntries).ToList(); + scopes = scope.Split(" ", StringSplitOptions.RemoveEmptyEntries).ToList(); } } From a05514c85bea2e4975d6479768f6ee939122b744 Mon Sep 17 00:00:00 2001 From: Mehmet Yasin AKAR Date: Fri, 11 Aug 2023 15:23:29 +0300 Subject: [PATCH 05/12] Fix ScopesAuthorizer --- src/Ocelot/Authorization/ScopesAuthorizer.cs | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/src/Ocelot/Authorization/ScopesAuthorizer.cs b/src/Ocelot/Authorization/ScopesAuthorizer.cs index 14bec33db..5ec00ecb3 100644 --- a/src/Ocelot/Authorization/ScopesAuthorizer.cs +++ b/src/Ocelot/Authorization/ScopesAuthorizer.cs @@ -16,7 +16,7 @@ public Response Authorize(ClaimsPrincipal claimsPrincipal, List ro return new OkResponse(true); } - var scopesResponse = _claimsParser.GetValuesByClaimType(claimsPrincipal.Claims, Scope); + var scopesResponse = _claimsParser.GetValuesByClaimType(claimsPrincipal.Claims, ScopeClaimKey); if (scopesResponse.IsError) { From d8510a5dcc52d60e6940785c434c0209a5030cdc Mon Sep 17 00:00:00 2001 From: Mehmet Yasin AKAR Date: Mon, 14 Aug 2023 10:07:52 +0300 Subject: [PATCH 06/12] Refactoring --- src/Ocelot/Authorization/ScopesAuthorizer.cs | 16 +++++++--------- 1 file changed, 7 insertions(+), 9 deletions(-) diff --git a/src/Ocelot/Authorization/ScopesAuthorizer.cs b/src/Ocelot/Authorization/ScopesAuthorizer.cs index 5ec00ecb3..8f6ba9c6c 100644 --- a/src/Ocelot/Authorization/ScopesAuthorizer.cs +++ b/src/Ocelot/Authorization/ScopesAuthorizer.cs @@ -23,24 +23,22 @@ public Response Authorize(ClaimsPrincipal claimsPrincipal, List ro return new ErrorResponse(scopesResponse.Errors); } - var scopes = scopesResponse.Data; + IList userScopes = scopesResponse.Data; - if (scopes.Count == 1) + if (userScopes.Count == 1) { - var scope = scopes[0]; + var scope = userScopes[0]; - var hasMultipleValues = scopes.Contains(" "); - - if (hasMultipleValues) + if (scope.Contains(" ")) { - scopes = scope.Split(" ", StringSplitOptions.RemoveEmptyEntries).ToList(); + userScopes = scope.Split(" ", StringSplitOptions.RemoveEmptyEntries); } } - if (routeAllowedScopes.Any(s => !scopes.Contains(s))) + if (routeAllowedScopes.Except(userScopes).Any()) { return new ErrorResponse( - new ScopeNotAuthorizedError($"User scopes: '{string.Join(",", scopes)}' do not have all allowed scopes: '{string.Join(",", routeAllowedScopes)}'")); + new ScopeNotAuthorizedError($"User scopes: '{string.Join(",", scopes)}' do not have all allowed route scopes: '{string.Join(",", routeAllowedScopes)}'")); } return new OkResponse(true); From 659cb1e1e1a83cc8fdd38d1a24ab0934e80c0fd1 Mon Sep 17 00:00:00 2001 From: Mehmet Yasin AKAR Date: Mon, 14 Aug 2023 10:09:25 +0300 Subject: [PATCH 07/12] Fix --- src/Ocelot/Authorization/ScopesAuthorizer.cs | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/src/Ocelot/Authorization/ScopesAuthorizer.cs b/src/Ocelot/Authorization/ScopesAuthorizer.cs index 8f6ba9c6c..e85392cb4 100644 --- a/src/Ocelot/Authorization/ScopesAuthorizer.cs +++ b/src/Ocelot/Authorization/ScopesAuthorizer.cs @@ -38,7 +38,7 @@ public Response Authorize(ClaimsPrincipal claimsPrincipal, List ro if (routeAllowedScopes.Except(userScopes).Any()) { return new ErrorResponse( - new ScopeNotAuthorizedError($"User scopes: '{string.Join(",", scopes)}' do not have all allowed route scopes: '{string.Join(",", routeAllowedScopes)}'")); + new ScopeNotAuthorizedError($"User scopes: '{string.Join(",", userScopes)}' do not have all allowed route scopes: '{string.Join(",", routeAllowedScopes)}'")); } return new OkResponse(true); From 708c321cfc3003f3d0353596c78b346d27bd2963 Mon Sep 17 00:00:00 2001 From: raman-m Date: Thu, 24 Aug 2023 17:27:53 +0300 Subject: [PATCH 08/12] Fix errors and messages --- src/Ocelot/Authorization/ScopesAuthorizer.cs | 13 +++++++++---- .../Infrastructure/ScopesAuthorizerTests.cs | 10 +++++----- 2 files changed, 14 insertions(+), 9 deletions(-) diff --git a/src/Ocelot/Authorization/ScopesAuthorizer.cs b/src/Ocelot/Authorization/ScopesAuthorizer.cs index e85392cb4..904b5ea21 100644 --- a/src/Ocelot/Authorization/ScopesAuthorizer.cs +++ b/src/Ocelot/Authorization/ScopesAuthorizer.cs @@ -7,7 +7,12 @@ namespace Ocelot.Authorization public class ScopesAuthorizer : IScopesAuthorizer { private const string ScopeClaimKey = "scope"; - private readonly IClaimsParser _claimsParser; + private readonly IClaimsParser _claimsParser; + + public ScopesAuthorizer(IClaimsParser claimsParser) + { + _claimsParser = claimsParser; + } public Response Authorize(ClaimsPrincipal claimsPrincipal, List routeAllowedScopes) { @@ -29,16 +34,16 @@ public Response Authorize(ClaimsPrincipal claimsPrincipal, List ro { var scope = userScopes[0]; - if (scope.Contains(" ")) + if (scope.Contains(' ')) { - userScopes = scope.Split(" ", StringSplitOptions.RemoveEmptyEntries); + userScopes = scope.Split(' ', StringSplitOptions.RemoveEmptyEntries); } } if (routeAllowedScopes.Except(userScopes).Any()) { return new ErrorResponse( - new ScopeNotAuthorizedError($"User scopes: '{string.Join(",", userScopes)}' do not have all allowed route scopes: '{string.Join(",", routeAllowedScopes)}'")); + new ScopeNotAuthorizedError($"User scopes: '{string.Join(',', userScopes)}' do not have all allowed route scopes: '{string.Join(',', routeAllowedScopes)}'")); } return new OkResponse(true); diff --git a/test/Ocelot.UnitTests/Infrastructure/ScopesAuthorizerTests.cs b/test/Ocelot.UnitTests/Infrastructure/ScopesAuthorizerTests.cs index b94774bbe..57084a34f 100644 --- a/test/Ocelot.UnitTests/Infrastructure/ScopesAuthorizerTests.cs +++ b/test/Ocelot.UnitTests/Infrastructure/ScopesAuthorizerTests.cs @@ -21,7 +21,7 @@ public ScopesAuthorizerTests() } [Fact] - public void should_return_ok_if_no_allowed_scopes() + public void Should_return_ok_if_no_allowed_scopes() { this.Given(_ => GivenTheFollowing(new ClaimsPrincipal())) .And(_ => GivenTheFollowing(new List())) @@ -31,7 +31,7 @@ public void should_return_ok_if_no_allowed_scopes() } [Fact] - public void should_return_ok_if_null_allowed_scopes() + public void Should_return_ok_if_null_allowed_scopes() { this.Given(_ => GivenTheFollowing(new ClaimsPrincipal())) .And(_ => GivenTheFollowing((List)null)) @@ -41,7 +41,7 @@ public void should_return_ok_if_null_allowed_scopes() } [Fact] - public void should_return_error_if_claims_parser_returns_error() + public void Should_return_error_if_claims_parser_returns_error() { var fakeError = new FakeError(); this.Given(_ => GivenTheFollowing(new ClaimsPrincipal())) @@ -53,7 +53,7 @@ public void should_return_error_if_claims_parser_returns_error() } [Fact] - public void should_match_scopes_and_return_ok_result() + public void Should_match_scopes_and_return_ok_result() { var claimsPrincipal = new ClaimsPrincipal(); var allowedScopes = new List { "someScope" }; @@ -67,7 +67,7 @@ public void should_match_scopes_and_return_ok_result() } [Fact] - public void should_not_match_scopes_and_return_error_result() + public void Should_not_match_scopes_and_return_error_result() { var fakeError = new FakeError(); var claimsPrincipal = new ClaimsPrincipal(); From f1f613f710ef3d9c97b428e3ddef7261618ba71b Mon Sep 17 00:00:00 2001 From: mehyaa Date: Thu, 14 Sep 2023 14:19:35 +0300 Subject: [PATCH 09/12] Tests fixed --- test/Ocelot.AcceptanceTests/AuthorizationTests.cs | 2 +- test/Ocelot.AcceptanceTests/ClaimsToDownstreamPathTests.cs | 2 +- test/Ocelot.AcceptanceTests/ClaimsToHeadersForwardingTests.cs | 2 +- .../ClaimsToQueryStringForwardingTests.cs | 4 ++-- 4 files changed, 5 insertions(+), 5 deletions(-) diff --git a/test/Ocelot.AcceptanceTests/AuthorizationTests.cs b/test/Ocelot.AcceptanceTests/AuthorizationTests.cs index b9e43efdc..4207dd5ca 100644 --- a/test/Ocelot.AcceptanceTests/AuthorizationTests.cs +++ b/test/Ocelot.AcceptanceTests/AuthorizationTests.cs @@ -177,7 +177,7 @@ public void should_return_response_200_using_identity_server_with_allowed_scope( AuthenticationOptions = new FileAuthenticationOptions { AuthenticationProviderKey = "Test", - AllowedScopes = new List{ "api", "api.readOnly", "openid", "offline_access" }, + AllowedScopes = new List{ "api", "api.readOnly" }, }, }, }, diff --git a/test/Ocelot.AcceptanceTests/ClaimsToDownstreamPathTests.cs b/test/Ocelot.AcceptanceTests/ClaimsToDownstreamPathTests.cs index 1c2e98167..020ca5ae7 100644 --- a/test/Ocelot.AcceptanceTests/ClaimsToDownstreamPathTests.cs +++ b/test/Ocelot.AcceptanceTests/ClaimsToDownstreamPathTests.cs @@ -68,7 +68,7 @@ public void should_return_200_and_change_downstream_path() AuthenticationProviderKey = "Test", AllowedScopes = new List { - "openid", "offline_access", "api", + "api", }, }, ChangeDownstreamPathTemplate = diff --git a/test/Ocelot.AcceptanceTests/ClaimsToHeadersForwardingTests.cs b/test/Ocelot.AcceptanceTests/ClaimsToHeadersForwardingTests.cs index 1ca691cf2..b86c8b995 100644 --- a/test/Ocelot.AcceptanceTests/ClaimsToHeadersForwardingTests.cs +++ b/test/Ocelot.AcceptanceTests/ClaimsToHeadersForwardingTests.cs @@ -76,7 +76,7 @@ public void should_return_response_200_and_foward_claim_as_header() AuthenticationProviderKey = "Test", AllowedScopes = new List { - "openid", "offline_access", "api", + "api", }, }, AddHeadersToRequest = diff --git a/test/Ocelot.AcceptanceTests/ClaimsToQueryStringForwardingTests.cs b/test/Ocelot.AcceptanceTests/ClaimsToQueryStringForwardingTests.cs index 00c757327..c929f1af8 100644 --- a/test/Ocelot.AcceptanceTests/ClaimsToQueryStringForwardingTests.cs +++ b/test/Ocelot.AcceptanceTests/ClaimsToQueryStringForwardingTests.cs @@ -74,7 +74,7 @@ public void should_return_response_200_and_foward_claim_as_query_string() AuthenticationProviderKey = "Test", AllowedScopes = new List { - "openid", "offline_access", "api", + "api", }, }, AddQueriesToRequest = @@ -140,7 +140,7 @@ public void should_return_response_200_and_foward_claim_as_query_string_and_pres AuthenticationProviderKey = "Test", AllowedScopes = new List { - "openid", "offline_access", "api", + "api", }, }, AddQueriesToRequest = From ecb22c7ef29016619a9e5498ecacbcc6be6fec0e Mon Sep 17 00:00:00 2001 From: Mehmet Yasin AKAR Date: Thu, 14 Sep 2023 14:47:25 +0300 Subject: [PATCH 10/12] Test names corrected --- .../Infrastructure/ScopesAuthorizerTests.cs | 10 +++++----- 1 file changed, 5 insertions(+), 5 deletions(-) diff --git a/test/Ocelot.UnitTests/Infrastructure/ScopesAuthorizerTests.cs b/test/Ocelot.UnitTests/Infrastructure/ScopesAuthorizerTests.cs index 57084a34f..b94774bbe 100644 --- a/test/Ocelot.UnitTests/Infrastructure/ScopesAuthorizerTests.cs +++ b/test/Ocelot.UnitTests/Infrastructure/ScopesAuthorizerTests.cs @@ -21,7 +21,7 @@ public ScopesAuthorizerTests() } [Fact] - public void Should_return_ok_if_no_allowed_scopes() + public void should_return_ok_if_no_allowed_scopes() { this.Given(_ => GivenTheFollowing(new ClaimsPrincipal())) .And(_ => GivenTheFollowing(new List())) @@ -31,7 +31,7 @@ public void Should_return_ok_if_no_allowed_scopes() } [Fact] - public void Should_return_ok_if_null_allowed_scopes() + public void should_return_ok_if_null_allowed_scopes() { this.Given(_ => GivenTheFollowing(new ClaimsPrincipal())) .And(_ => GivenTheFollowing((List)null)) @@ -41,7 +41,7 @@ public void Should_return_ok_if_null_allowed_scopes() } [Fact] - public void Should_return_error_if_claims_parser_returns_error() + public void should_return_error_if_claims_parser_returns_error() { var fakeError = new FakeError(); this.Given(_ => GivenTheFollowing(new ClaimsPrincipal())) @@ -53,7 +53,7 @@ public void Should_return_error_if_claims_parser_returns_error() } [Fact] - public void Should_match_scopes_and_return_ok_result() + public void should_match_scopes_and_return_ok_result() { var claimsPrincipal = new ClaimsPrincipal(); var allowedScopes = new List { "someScope" }; @@ -67,7 +67,7 @@ public void Should_match_scopes_and_return_ok_result() } [Fact] - public void Should_not_match_scopes_and_return_error_result() + public void should_not_match_scopes_and_return_error_result() { var fakeError = new FakeError(); var claimsPrincipal = new ClaimsPrincipal(); From 528db0956adafc5470ae02133ff99d8ad99023cb Mon Sep 17 00:00:00 2001 From: Mehmet Yasin AKAR Date: Fri, 15 Sep 2023 09:59:23 +0300 Subject: [PATCH 11/12] Tiny change --- src/Ocelot/Authorization/ScopesAuthorizer.cs | 13 +++++++------ 1 file changed, 7 insertions(+), 6 deletions(-) diff --git a/src/Ocelot/Authorization/ScopesAuthorizer.cs b/src/Ocelot/Authorization/ScopesAuthorizer.cs index 904b5ea21..a7a56daeb 100644 --- a/src/Ocelot/Authorization/ScopesAuthorizer.cs +++ b/src/Ocelot/Authorization/ScopesAuthorizer.cs @@ -7,11 +7,12 @@ namespace Ocelot.Authorization public class ScopesAuthorizer : IScopesAuthorizer { private const string ScopeClaimKey = "scope"; - private readonly IClaimsParser _claimsParser; - - public ScopesAuthorizer(IClaimsParser claimsParser) - { - _claimsParser = claimsParser; + + private readonly IClaimsParser _claimsParser; + + public ScopesAuthorizer(IClaimsParser claimsParser) + { + _claimsParser = claimsParser; } public Response Authorize(ClaimsPrincipal claimsPrincipal, List routeAllowedScopes) @@ -49,4 +50,4 @@ public Response Authorize(ClaimsPrincipal claimsPrincipal, List ro return new OkResponse(true); } } -} +} \ No newline at end of file From d9fd3bde33ed585ffa8b626a9bdb12695855ba71 Mon Sep 17 00:00:00 2001 From: Raman Maksimchuk Date: Tue, 5 Nov 2024 11:49:50 +0300 Subject: [PATCH 12/12] Revert variable names to their previous identifiers to compare the changes --- src/Ocelot/Authorization/ScopesAuthorizer.cs | 13 ++++++------- 1 file changed, 6 insertions(+), 7 deletions(-) diff --git a/src/Ocelot/Authorization/ScopesAuthorizer.cs b/src/Ocelot/Authorization/ScopesAuthorizer.cs index a7a56daeb..18632b70b 100644 --- a/src/Ocelot/Authorization/ScopesAuthorizer.cs +++ b/src/Ocelot/Authorization/ScopesAuthorizer.cs @@ -6,9 +6,8 @@ namespace Ocelot.Authorization { public class ScopesAuthorizer : IScopesAuthorizer { - private const string ScopeClaimKey = "scope"; - private readonly IClaimsParser _claimsParser; + private const string Scope = "scope"; public ScopesAuthorizer(IClaimsParser claimsParser) { @@ -22,14 +21,14 @@ public Response Authorize(ClaimsPrincipal claimsPrincipal, List ro return new OkResponse(true); } - var scopesResponse = _claimsParser.GetValuesByClaimType(claimsPrincipal.Claims, ScopeClaimKey); + var values = _claimsParser.GetValuesByClaimType(claimsPrincipal.Claims, Scope); - if (scopesResponse.IsError) + if (values.IsError) { - return new ErrorResponse(scopesResponse.Errors); + return new ErrorResponse(values.Errors); } - IList userScopes = scopesResponse.Data; + IList userScopes = values.Data; if (userScopes.Count == 1) { @@ -50,4 +49,4 @@ public Response Authorize(ClaimsPrincipal claimsPrincipal, List ro return new OkResponse(true); } } -} \ No newline at end of file +}