I am not well versed in this area (learning more as I type this!) but I hope what I am saying makes a bit of sense.
We have an OIDC implementation to log into Squidex which is working; however, the claims specified are set as permissions when the user first logs in and are not updated on subsequent logins. This means we cannot update the permissions for existing users without either deleting the user and getting them to log in again (but this unlinks their account from changes so you see a lot of ‘Unknown’ in the ‘Last Updated By’ and similar fields), or manually updating the permissions, which can be quite onerous when you have over 100 accounts to update.
Is there a way of specifying that a user’s permissions should be updated on login, or should that be happening anyway and our implementation could be wrong?
For example, let's say a user logged in when our claims specified the below:
squidex.apps.testapp.assets squidex.apps.testapp.contents.*.read squidex.apps.testapp.contents.testschema.create
But we release a new version of our login provider that says that user should have the following claims:
squidex.apps.testapp.assets squidex.apps.testapp.contents.*.read squidex.apps.testapp.contents.testschema.create squidex.apps.testapp.contents.testschema.update
That last claim is never assigned to the user as a permission. They are stuck with just:
Any guidance would be greatly appreciated!