Introduce IdentityUserIntegrationService #16962
Merged
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
IUserRoleFinder
is used byRolePermissionManagementProvider
to get a list of role names of a user to be able to manage the user's permissions.The remote implementation of the
IUserRoleFinder
interface isHttpClientUserRoleFinder
which was usingIIdentityUserAppService.GetRolesAsync
method.IIdentityUserAppService
is an application service and implements authorization. When you implement a microservice solution, permission management can be in one service and identity management can be in another service. In that case, the permission microservice makes an HTTP request to obtain user's roles. Since the used appservice method requires authorization, we were authenticating the permission microservice first, then authorizing it to be able to use the remote identity service.That authentication/authorization brings additional complexity. We want to remove that, so we will use an non-authorized integration service for that reason.
This is a breaking change for microservice solutions, because of two reasons:
404
error from the identity microservice.