Question

I have an MVC5/AngularJS app that is using OWIN token authentication. Currently, when I make a call to my token endpoint, I get an object like this:

{
    "access_token": "token data here",
    "token_type": "bearer",
    "expires_in": 1209599,
    "userName": "user name",
    ".issued": "Sun, 11 May 2014 01:51:23 GMT",
    ".expires": "Sun, 12 May 2014 01:51:23 GMT"
};

Is there any way I can add user roles to this before I send it to the client?


Solution

I don't believe that you can, and it is best that way; make a separate call to get the user's roles/claims.

By doing so you are keeping the appropriate separation of concerns (authentication & authorization). Keep the logic for determining who a user is separate from determining what the user can do. This way, if down the road you decide to replace just one of those two components, you are not rewriting your entire client side.
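
A sketch of the separate roles call the answer describes, added here as an example and not taken from the question or the answer. The controller name, routes and the "Admin" role are hypothetical, and it assumes attribute routing is enabled and that the identity restored from the bearer token carries the user's role claims.

```csharp
using System.Linq;
using System.Security.Claims;
using System.Web.Http;

// Hypothetical controller: type name, routes and the "Admin" role are assumptions.
[Authorize]                       // every action requires a valid bearer token
[RoutePrefix("api/account")]
public class AccountClaimsController : ApiController
{
    // GET api/account/roles
    // Returns the caller's roles so the AngularJS client can decide what to show.
    [HttpGet]
    [Route("roles")]
    public IHttpActionResult GetRoles()
    {
        var identity = User.Identity as ClaimsIdentity;
        if (identity == null || !identity.IsAuthenticated)
        {
            return Unauthorized();
        }

        // Read roles from the server-side identity, never from client input.
        var roles = identity.FindAll(identity.RoleClaimType)
                            .Select(c => c.Value)
                            .Distinct()
                            .ToArray();

        return Ok(new { userName = identity.Name, roles });
    }

    // GET api/account/admin-report
    // The role list sent to the client only drives the UI; the server
    // still enforces the role on every protected action.
    [HttpGet]
    [Route("admin-report")]
    [Authorize(Roles = "Admin")]
    public IHttpActionResult GetAdminReport()
    {
        return Ok(new { status = "ok" });
    }
}
```

The client calls the roles route with the same `Authorization: Bearer` header it uses for other API requests; because the returned list can be altered in the browser, authorization decisions stay in the `[Authorize(Roles = ...)]` checks on the server.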

Licensed under: CC-BY-SA with attribution
Not affiliated with StackOverflow