.net core PBAC with a claim that is an array

aredn · January 21, 2019, 8:13pm

Is there a way to check against any value matches in a claim array.

Okta Token preview shows:
“TestingNameClaim”: “Joe”,
“OrgRole”: [
“Admin”,
“LST”
]

In my application the following provides access to the user:
services.AddAuthorization(options =>
{
options.AddPolicy(
“AccessClaims”,
policyBuilder =>
{
policyBuilder.RequireAuthenticatedUser();
policyBuilder.RequireClaim(“TestingNameClaim”, “Joe”);
});
});

But the following says access denied:
services.AddAuthorization(options =>
{
options.AddPolicy(
“AccessClaims”,
policyBuilder =>
{
policyBuilder.RequireAuthenticatedUser();
policyBuilder.RequireClaim(“OrgRoles”, “LST”);
});
});

Is there a way to see if the user has one of the roles in the claim array