You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
Well, I can confirm this is a breaking change after change the way the library is sending the user information.
Previous to this version the DefaultClaimsEncoder class serialized only the ClaimsType and Value of the Claims collection in a very manual way. In this version we changed that in order to include in the serialization all the information a Claim can include. To do this we create an AuthenticationTicket and use the TicketSerializer class to seralize the whole ticket.
As a consequence there is a breaking change when you send an empty collection of claims in the WithIdentity extension method. Before this change, this produced an Unauthorized result, because there is no ClaimsPrincipal created because the empty claims. After this version this produces a Forbidden response, because a ClaimsPrincpal without claims is created, so the request is authenticated but it fails in the authorization process.
We need to double check a change in the behavior of the library related to this
The text was updated successfully, but these errors were encountered: