Hello, we are planning to use FusionAuth to rework the authentication & authorization mechanisms on our SaaS solution.
We have multiple SPA (Angular) applications relying on different APIs (.NET Core, all on the same root domain name). We have a set of internal super-admin users and a lot of final end-users that are our clients.
- We would like our Angular applications to implement the Authorization Code Grant.
- Retrieve all roles available for a user (for all applications) in the JWT token.
So that the end-user is able to sign-in once and can navigate across the apps for which he has the expected roles.
To do so, we were planning to have a central endpoint (an API set up as a dedicated FusionAuth application) that would be in charge of exchanging the authorization code for the desired tokens, which would contain all the user's roles for SPA1, SPA2, API1, etc.
In the tests we did, we received only the roles for the central application, while we would like to receive the roles for all the apps of the tenant.
Could you please tell us if the architecture we are planning is a good approach or are we going in the wrong direction? And if so, what would you recommend to implement for our need?
Thanks.
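Added example (not part of the question above and not FusionAuth's own code), in Python using only the standard library. It mints an HS256 JWT shaped like the access token described in the post and shows the check a resource server (one of the .NET APIs, or whatever sits behind an SPA) should make before trusting the `roles` claim: the claim is scoped to the application named in `aud` / `applicationId`, so a token issued to the central application carries only that application's roles and must not be read as authorization for SPA1. Everything here is constructed: the issuer URL, the application ids, the signing key, and the assumption that one HMAC key is shared by all applications (FusionAuth can sign with a per-application client secret instead; the check is the same, only the key lookup differs).

```python
import base64
import hashlib
import hmac
import json
import time
from typing import List, Optional

# Constructed sample values (not real FusionAuth ids, URLs or secrets).
ISSUER = "https://auth.example.com"
CENTRAL_APP_ID = "11111111-1111-1111-1111-111111111111"
SPA1_APP_ID = "22222222-2222-2222-2222-222222222222"
SIGNING_KEY = "constructed-shared-hmac-key"  # assumed: one HMAC key for all applications


def _b64url_encode(data: bytes) -> str:
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode("ascii")


def _b64url_decode(text: str) -> bytes:
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))


def make_hs256_jwt(claims: dict, key: str) -> str:
    """Mint an HS256 JWT; stands in for the token the authorization server returns."""
    header = {"alg": "HS256", "typ": "JWT"}
    signing_input = ".".join(
        _b64url_encode(json.dumps(part, separators=(",", ":")).encode())
        for part in (header, claims)
    )
    sig = hmac.new(key.encode(), signing_input.encode(), hashlib.sha256).digest()
    return signing_input + "." + _b64url_encode(sig)


def roles_for_my_app(token: str, key: str, my_app_id: str,
                     now: Optional[float] = None) -> List[str]:
    """Validate the token and return its roles, but only if it was issued for my_app_id.

    The roles claim is assumed to be scoped to the application in aud/applicationId,
    so a token minted for another application is rejected rather than having its
    roles trusted. Raises ValueError with the reason on any failure.
    """
    parts = token.split(".")
    if len(parts) != 3:
        raise ValueError("malformed token")
    header_b64, payload_b64, sig_b64 = parts
    header = json.loads(_b64url_decode(header_b64))
    if header.get("alg") != "HS256":
        raise ValueError("unexpected alg")  # refuse alg=none and algorithm swaps
    expected = hmac.new(key.encode(), f"{header_b64}.{payload_b64}".encode(),
                        hashlib.sha256).digest()
    if not hmac.compare_digest(expected, _b64url_decode(sig_b64)):
        raise ValueError("bad signature")  # checked before any claim is read
    claims = json.loads(_b64url_decode(payload_b64))
    now = time.time() if now is None else now
    if claims.get("iss") != ISSUER:
        raise ValueError("wrong issuer")
    if claims.get("exp", 0) <= now:
        raise ValueError("expired")
    if claims.get("aud") != my_app_id or claims.get("applicationId") != my_app_id:
        raise ValueError("token issued for a different application")
    return list(claims.get("roles", []))


def demo() -> dict:
    """Same token checked by the central application and by SPA1."""
    now = 1_700_000_000
    token = make_hs256_jwt({
        "iss": ISSUER, "sub": "user-123",
        "aud": CENTRAL_APP_ID, "applicationId": CENTRAL_APP_ID,
        "iat": now, "exp": now + 3600,
        "roles": ["super-admin"],  # roles of the *central* application only
    }, SIGNING_KEY)
    result = {"central": roles_for_my_app(token, SIGNING_KEY, CENTRAL_APP_ID, now=now)}
    try:
        roles_for_my_app(token, SIGNING_KEY, SPA1_APP_ID, now=now)
        result["spa1"] = "accepted"
    except ValueError as err:
        result["spa1"] = str(err)
    return result


if __name__ == "__main__":
    print(demo())
```

The point of the audience check is the one behind the behaviour observed in the tests: a token is issued to one application and carries that application's roles, so reading the central application's `roles` inside SPA1 or API1 would grant authorization the token never expressed for them. Whatever central exchange endpoint is chosen, each API should accept only tokens whose `aud` is its own application id.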