Merge pull request #299 from Azure-Samples/fix-api-permission-bug

derisen · web-flow · commit 1ce52555ebd6 · 2023-04-20T11:01:23.000-07:00
Fix the token type helper method
diff --git a/3-Authorization-II/1-call-api/API/TodoListAPI/Controllers/TodoListController.cs b/3-Authorization-II/1-call-api/API/TodoListAPI/Controllers/TodoListController.cs
@@ -38,7 +38,7 @@ private bool IsAppOnlyToken()
             else
             {
                 // alternatively, if an AT contains the roles claim but no scp claim, that indicates it's an app token
-                return HttpContext.User.Claims.Any(c => c.Type == "roles") && HttpContext.User.Claims.Any(c => c.Type != "scp");
+                return HttpContext.User.Claims.Any(c => c.Type == "roles") && !HttpContext.User.Claims.Any(c => c.Type == "scp");
             }
         }
 
diff --git a/3-Authorization-II/1-call-api/README-incremental.md b/3-Authorization-II/1-call-api/README-incremental.md
@@ -324,7 +324,7 @@ private bool IsAppOnlyToken()
     else
     {
         // alternatively, if an AT contains the roles claim but no scp claim, that indicates it's an app token
-        return HttpContext.User.Claims.Any(c => c.Type == "roles") && HttpContext.User.Claims.Any(c => c.Type != "scp");
+        return HttpContext.User.Claims.Any(c => c.Type == "roles") && !HttpContext.User.Claims.Any(c => c.Type == "scp");
     }
 }
 ```
diff --git a/3-Authorization-II/1-call-api/README.md b/3-Authorization-II/1-call-api/README.md
@@ -379,7 +379,7 @@ private bool IsAppOnlyToken()
     else
     {
         // alternatively, if an AT contains the roles claim but no scp claim, that indicates it's an app token
-        return HttpContext.User.Claims.Any(c => c.Type == "roles") && HttpContext.User.Claims.Any(c => c.Type != "scp");
+        return HttpContext.User.Claims.Any(c => c.Type == "roles") && !HttpContext.User.Claims.Any(c => c.Type == "scp");
     }
 }
 ```
diff --git a/6-AdvancedScenarios/2-call-api-mt/API/TodoListAPI/Controllers/TodoListController.cs b/6-AdvancedScenarios/2-call-api-mt/API/TodoListAPI/Controllers/TodoListController.cs
@@ -38,7 +38,7 @@ private bool IsAppOnlyToken()
             else
             {
                 // alternatively, if an AT contains the roles claim but no scp claim, that indicates it's an app token
-                return HttpContext.User.Claims.Any(c => c.Type == "roles") && HttpContext.User.Claims.Any(c => c.Type != "scp");
+                return HttpContext.User.Claims.Any(c => c.Type == "roles") && !HttpContext.User.Claims.Any(c => c.Type == "scp");
             }
         }
 

Original file line number	Diff line number	Diff line change
`@@ -38,7 +38,7 @@ private bool IsAppOnlyToken()`
`38`	`38`	`else`
`39`	`39`	`{`
`40`	`40`	`// alternatively, if an AT contains the roles claim but no scp claim, that indicates it's an app token`
`41`		`- return HttpContext.User.Claims.Any(c => c.Type == "roles") && HttpContext.User.Claims.Any(c => c.Type != "scp");`
	`41`	`+ return HttpContext.User.Claims.Any(c => c.Type == "roles") && !HttpContext.User.Claims.Any(c => c.Type == "scp");`
`42`	`42`	`}`
`43`	`43`	`}`
`44`	`44`
Original file line number	Diff line number	Diff line change
`@@ -324,7 +324,7 @@ private bool IsAppOnlyToken()`
`324`	`324`	`else`
`325`	`325`	`{`
`326`	`326`	`// alternatively, if an AT contains the roles claim but no scp claim, that indicates it's an app token`
`327`		`- return HttpContext.User.Claims.Any(c => c.Type == "roles") && HttpContext.User.Claims.Any(c => c.Type != "scp");`
	`327`	`+ return HttpContext.User.Claims.Any(c => c.Type == "roles") && !HttpContext.User.Claims.Any(c => c.Type == "scp");`
`328`	`328`	`}`
`329`	`329`	`}`
`330`	`330`	```
Original file line number	Diff line number	Diff line change
`@@ -379,7 +379,7 @@ private bool IsAppOnlyToken()`
`379`	`379`	`else`
`380`	`380`	`{`
`381`	`381`	`// alternatively, if an AT contains the roles claim but no scp claim, that indicates it's an app token`
`382`		`- return HttpContext.User.Claims.Any(c => c.Type == "roles") && HttpContext.User.Claims.Any(c => c.Type != "scp");`
	`382`	`+ return HttpContext.User.Claims.Any(c => c.Type == "roles") && !HttpContext.User.Claims.Any(c => c.Type == "scp");`
`383`	`383`	`}`
`384`	`384`	`}`
`385`	`385`	```