[Breaking change]: Access claims will be removed from ClaimsIdentity in V15 #18

@kjac

Description

The following claims will be removed from ClaimsIdentity in V15:

  • http://umbraco.org/2015/02/identity/claims/backoffice/startcontentnode
  • http://umbraco.org/2015/02/identity/claims/backoffice/startmedianode
  • http://umbraco.org/2015/02/identity/claims/backoffice/allowedapp

These claims correspond to these (now obsolete) security constants:

  • Umbraco.Cms.Core.Constants.Security.StartContentNodeIdClaimType
  • Umbraco.Cms.Core.Constants.Security.StartMediaNodeIdClaimType
  • Umbraco.Cms.Core.Constants.Security.AllowedApplicationsClaimType

Version

Umbraco 15

Previous behavior

The mentioned claims would be readily available for interpretation on ClaimsIdentity.

New behavior

The mentioned claims are no longer available on ClaimsIdentity.

Type of breaking change

  • Binary incompatible: Existing binaries may encounter a breaking change in behavior, such as failure to load/execute or different run-time behavior.
  • Source incompatible: Source code may encounter a breaking change in behavior when targeting the new runtime/component/SDK, such as compile errors or different run-time behavior.

Reason for change

First and foremost, this change allows for smoother access changes for users of the Management API. At this time we're forced to revoke tokens when access changes, which is not an ideal behaviour for currently logged-in users.

Secondly, this change paves the way for facilitating external authorization for specific operations that are currently tied to the ClaimsIdentity claims.

Recommended action

To access the allowed sections of a user, go directly to IUser:

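// Injected via the constructor.
private readonly IUserService _userService;

// Reads the allowed sections from the user itself; returns null when no user has the given key.
private async Task<IEnumerable<string>?> GetAllowedSections(Guid userKey)
{
  IUser? user = await _userService.GetAsync(userKey);
  return user?.AllowedSections;
}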

To access the calculated user start nodes, use the UserExtensions:

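// Injected via the constructor.
private readonly IEntityService _entityService;
private readonly AppCaches _appCaches;

// Calculated content start nodes for the user.
private IEnumerable<int>? UserContentStartNodeIds(IUser user)
  => user.CalculateContentStartNodeIds(_entityService, _appCaches);

// Calculated media start nodes for the user (uses the media variant, not the content one).
private IEnumerable<int>? UserMediaStartNodeIds(IUser user)
  => user.CalculateMediaStartNodeIds(_entityService, _appCaches);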

Affected APIs

  • Umbraco.Extensions.ClaimsIdentityExtensions.GetStartContentNodes(this ClaimsIdentity identity)
  • Umbraco.Extensions.ClaimsIdentityExtensions.GetStartMediaNodes(this ClaimsIdentity identity)
  • Umbraco.Extensions.ClaimsIdentityExtensions.GetAllowedApplications(this ClaimsIdentity identity)
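
The point under "Reason for change", shown as an added example (not Umbraco's code and not part of the original announcement): access claims copied into an identity at sign-in are a snapshot, so a later access change is not seen by a claim-based check until the token is revoked, while a lookup against the user record sees it at once. The in-memory `store` dictionary is a hypothetical stand-in for the user store, and only `System.Security.Claims` is used.

```csharp
using System;
using System.Collections.Generic;
using System.Linq;
using System.Security.Claims;

// Claim type taken from the announcement; all other values are constructed for illustration.
const string AllowedAppClaim = "http://umbraco.org/2015/02/identity/claims/backoffice/allowedapp";

// Hypothetical stand-in for the user store (in Umbraco: IUserService and IUser.AllowedSections).
var store = new Dictionary<Guid, HashSet<string>>();
var userKey = Guid.NewGuid();
store[userKey] = new HashSet<string> { "content", "media", "users" };

// Sign-in under the old behaviour: sections are copied into the identity as claims.
var identity = new ClaimsIdentity(
    store[userKey].Select(s => new Claim(AllowedAppClaim, s))
        .Append(new Claim(ClaimTypes.NameIdentifier, userKey.ToString())),
    authenticationType: "Constructed");

// An administrator later removes the user's access to the "users" section.
store[userKey].Remove("users");

// Old style: trusts the snapshot carried by the identity.
bool ClaimCheck(ClaimsIdentity id, string section)
    => id.HasClaim(AllowedAppClaim, section);

// New style: the identity only says who the user is; access is read from the store.
// Fails closed when the key is missing, malformed, or unknown to the store.
bool StoreCheck(ClaimsIdentity id, string section)
{
    var key = id.FindFirst(ClaimTypes.NameIdentifier)?.Value;
    return Guid.TryParse(key, out var parsed)
        && store.TryGetValue(parsed, out var sections)
        && sections.Contains(section);
}

Console.WriteLine($"claim-based check for 'users': {ClaimCheck(identity, "users")}");
Console.WriteLine($"store-based check for 'users': {StoreCheck(identity, "users")}");
```

The claim-based check keeps granting the removed section for as long as the identity lives; the store-based check denies it on the next request without any token revocation.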
