OIDC authn and authz not working with roles array (like ['Admin', 'ReadAll']

[FabianNet]

Is there an existing issue for this?

• I have searched the existing issues

Describe the bug

Hi all,

I have set up aspire dashboard in docker with OIDC and EntraID as authority.

When I use
Dashboard__Frontend__OpenIdConnect__RequiredClaimType="roles" together with Dashboard__Frontend__OpenIdConnect__RequiredClaimValue="Admin" then I get an error message "Aspire.Dashboard.Authentication.FrontendCompositeAuthenticationHandler[13] AuthenticationScheme: FrontendComposite was forbidden."

When I use Dashboard__Frontend__OpenIdConnect__RequiredClaimType="Name" together with my name from the token Dashboard__Frontend__OpenIdConnect__RequiredClaimValue="Lastname, Firstname" then it works.

My assumption is that the Array of roles cant be parsed correctly in the dashboard backend or is there a way to work with array differently?

Thanks, Fabian

Expected Behavior

Login should work

Steps To Reproduce

Run docker with your EntraID tenant and client id and

docker run -it -d -p 18888:18888 -p 4317:4317 -e DOTNET_DASHBOARD_OTLP_ENDPOINT_URL=http://0.0.0.0:4317 -e Authentication__Schemes__OpenIdConnect__Authority=https://login.microsoftonline.com/xxxxx -e Dashboard__Frontend__AuthMode="OpenIdConnect" -e Authentication__Schemes__OpenIdConnect__ClientId="yyyyy" -e Authentication__Schemes__OpenIdConnect__ClientSecret="zzzzz" -e Authentication__Schemes__OpenIdConnect__ResponseType=code -e Authentication__Schemes__OpenIdConnect__Scope="openid profile email api://yyyyy/Api.Read" -e Authentication__Schemes__OpenIdConnect__CallbackPath=/signin-oidc -e Dashboard__Frontend__OpenIdConnect__RequiredClaimType="roles" -e Dashboard__Frontend__OpenIdConnect__RequiredClaimValue="Admin" --name aspire-dashboard mcr.microsoft.com/dotnet/aspire-dashboard:9.0

Exceptions (if any)

No response

.NET Version info

No response

Anything else?

No response