I am building an external authorization server using OpenIdDict and Active Directory. I am now able to log in to Squidex through that external authorization server. However, the users are not able to view the app correctly.
The scenario is that I have a Custom Editor role with permission to view article content only. I have an editor whose email is my-editor@squidex.io. He is able to log in to Squidex through my authorization server. In Squidex, there is now a newly created user under his email (my-editor@squidex.io). However, he is not able to view the article content until I (an admin) add him as a contributor under the Custom Editor role. Otherwise, he just sees Squidex in overview. I also checked the token generated by the external server and I can confirm that the claims and role are correct.
My question is whether we have an approach to automatically add the logged-in user (through the external authorization server) as a contributor under his role, and he will get the right permissions to use Squidex.
Is there any way we can map the role to its permissions so we don't need to manually add the permissions in the identity server?
I found that in the appsettings.json in Squidex, there are two properties, oidcRoleClaimType and oidcRoleMapping. So if I configure those settings to
Unfortunately, it is not working as we expected. In particular, if we add the permissions manually with squidex.apps.{app}.* it is working. But if we add a granular permission such as squidex.apps.{app}.contents.pages|posts|articles. then we cannot log in and a new user is not created.
Also, I honestly don't know how to add multiple permissions per user through our Identity Server. At this moment, what I did is
So you think the role mapping should work if the permission is defined correctly. I removed it when I tested with manually adding permissions. I will try tomorrow.