@WeihanLi
Contributor

@WeihanLi WeihanLi commented Mar 29, 2025

Description

Try to support configuring additional ClaimMap for the OpenIdConnect authentication

Fixes #7755

verified locally

usage example:

{
    "Authentication": {
        "Schemes": {
            "OpenIdConnect": {
                "Authority": "https://id.weihanli.xyz",
                "ClientId": "aspire",
                "ClientSecret": "",
                "GetClaimsFromUserInfoEndpoint": true,
                "Scope": [
                    "roles"
                ]
            }
        }
    },
    "Dashboard": {
        "Frontend": {
            "AuthMode": "OpenIdConnect",
            "OpenIdConnect": {
                "RequiredClaimType": "role",
                "RequiredClaimValue": "Aspire",
                "ClaimActions": [
                    {
                        "ClaimType": "role",
                        "JsonKey": "role"
                    }
                ]
            }
        }
    }
}

environment sample:

  - name: Dashboard__Frontend__AuthMode
    value: "OpenIdConnect"
  - name: Dashboard__Frontend__OpenIdConnect__ClaimActions__0__ClaimType
    value: "role"
  - name: Dashboard__Frontend__OpenIdConnect__ClaimActions__0__JsonKey
    value: "role"
  - name: Dashboard__Frontend__OpenIdConnect__RequiredClaimType
    value: "role"
  - name: Dashboard__Frontend__OpenIdConnect__RequiredClaimValue
    value: "Aspire"

Checklist

  • Is this feature complete?
    • Yes. Ready to ship.
    • No. Follow-up changes expected.
  • Are you including unit tests for the changes and scenario tests if relevant?
    • Yes
    • No
  • Did you add public API?
    • Yes
      • If yes, did you have an API Review for it?
        • Yes
        • No
      • Did you add <remarks /> and <code /> elements on your triple slash comments?
        • Yes
        • No
    • No
  • Does the change make any security assumptions or guarantees?
    • Yes
      • If yes, have you done a threat model and had a security review?
        • Yes
        • No
    • No
  • Does the change require an update in our Aspire docs?
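
What the ClaimActions entry in the usage example changes for the RequiredClaimType / RequiredClaimValue check, as an added example that is not code from this PR or from Aspire: it runs ASP.NET Core's ClaimActionCollection over a constructed UserInfo payload with and without the role mapping. The IsAllowed helper, the sample JSON and the issuer URL are assumptions standing in for the dashboard's own check.

```csharp
// Added example. Assumes a project that references the Microsoft.AspNetCore.App framework.
using System.Security.Claims;
using System.Text.Json;
using Microsoft.AspNetCore.Authentication;
using Microsoft.AspNetCore.Authentication.OAuth.Claims;

// Constructed UserInfo response; "role" is an array, and one claim is added per element.
const string userInfoJson =
    """{"sub":"user-1","name":"Sample User","role":["Aspire","Reader"]}""";

// Without a claim action for "role", the UserInfo roles never reach the identity.
var withoutMapping = new ClaimActionCollection();

// Equivalent of "ClaimActions": [ { "ClaimType": "role", "JsonKey": "role" } ].
var withMapping = new ClaimActionCollection();
withMapping.MapJsonKey("role", "role");

foreach (var (label, actions) in new[] { ("no claim action", withoutMapping), ("role mapped", withMapping) })
{
    var user = BuildPrincipal(actions, userInfoJson);
    var exact = IsAllowed(user, "role", "Aspire");
    // The claim value comparison is ordinal, so a differently cased value does not match.
    var wrongCase = IsAllowed(user, "role", "aspire");
    Console.WriteLine($"{label}: Aspire={exact}, aspire={wrongCase}");
}

// Runs every claim action over the UserInfo JSON, as the OpenIdConnect handler
// does with the UserInfo response when GetClaimsFromUserInfoEndpoint is true.
static ClaimsPrincipal BuildPrincipal(ClaimActionCollection actions, string json)
{
    using var doc = JsonDocument.Parse(json);
    var identity = new ClaimsIdentity("OpenIdConnect", "name", "role");
    foreach (var action in actions)
    {
        action.Run(doc.RootElement, identity, "https://issuer.example");
    }
    return new ClaimsPrincipal(identity);
}

// Hypothetical stand-in for the RequiredClaimType / RequiredClaimValue gate.
// Fails closed: a missing claim or an unset requirement denies access.
static bool IsAllowed(ClaimsPrincipal user, string? requiredType, string? requiredValue) =>
    !string.IsNullOrEmpty(requiredType)
    && !string.IsNullOrEmpty(requiredValue)
    && user.HasClaim(requiredType, requiredValue);
```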

Copilot AI review requested due to automatic review settings March 29, 2025 00:12
@dotnet-policy-service dotnet-policy-service bot added the community-contribution Indicates that the PR has been added by a community member label Mar 29, 2025
Contributor

Copilot AI left a comment

Pull Request Overview

This PR adds support for configuring additional ClaimActions for OpenIdConnect authentication via a new property in DashboardOptions. It enables claim action configuration through a semicolon-separated string of commands that are parsed and applied during dashboard authentication setup.

  • Introduces ClaimActions configuration in DashboardOptions.
  • Parses and applies ClaimActions in DashboardWebApplication.

Reviewed Changes

Copilot reviewed 2 out of 2 changed files in this pull request and generated 1 comment.

| File | Description |
| --- | --- |
| src/Aspire.Dashboard/DashboardWebApplication.cs | Adds logic to parse and apply custom ClaimActions for OpenIdConnect. |
| src/Aspire.Dashboard/Configuration/DashboardOptions.cs | Adds a new string property to hold the ClaimActions configuration. |

Co-authored-by: Copilot <175728472+Copilot@users.noreply.github.com>
@WeihanLi
Contributor Author

The failed test seems not related to the change

@WeihanLi
Contributor Author

@JamesNK could you please help have a look at this

@davidfowl
Member

@WeihanLi sorry for letting this go stale. This change has no tests and no scenario that we can verify (we need to be able to prevent regressions).

Do you still want this PR merged? If so, can you figure out what tests would be best to add?

@WeihanLi
Contributor Author

WeihanLi commented Sep 4, 2025

can you figure out what tests would be best to add?

Will try to add test cases this weekend

@davidfowl thanks for the comment, great to hear some feedback

@github-actions
Contributor

github-actions bot commented Sep 7, 2025

🚀 Dogfood this PR with:

⚠️ WARNING: Do not do this without first carefully reviewing the code of this PR to satisfy yourself it is safe.

curl -fsSL https://raw.githubusercontent.com/dotnet/aspire/main/eng/scripts/get-aspire-cli-pr.sh | bash -s -- 8396

Or

  • Run remotely in PowerShell:
iex "& { $(irm https://raw.githubusercontent.com/dotnet/aspire/main/eng/scripts/get-aspire-cli-pr.ps1) } 8396"

@WeihanLi WeihanLi marked this pull request as draft September 7, 2025 12:22
@WeihanLi WeihanLi marked this pull request as ready for review September 20, 2025 04:34
@WeihanLi WeihanLi requested a review from JamesNK September 20, 2025 04:34
Assert.Contains(oidcOption.ClaimActions, x => x.ClaimType == claimAction.ClaimType && x.ValueType == claimAction.ValueType);
var action = oidcOption.ClaimActions.FirstOrDefault(x => x.ClaimType == claimAction.ClaimType);
Assert.NotNull(action);
var jsonElement = JsonDocument.Parse("""
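
Review bot: The FirstOrDefault lookup on the second line filters on ClaimType only, while the Assert.Contains just above it also compares ValueType, so if two configured actions share a ClaimType the rest of the test can run against a different action than the one it just asserted on. Using the same predicate in both places, or replacing the pair with one Assert.Single(oidcOption.ClaimActions, predicate) that returns the match, keeps them in step and makes the separate Assert.NotNull unnecessary.
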
Contributor Author

Could use JsonElement.Parse when we update to .NET 10

@JamesNK JamesNK merged commit 02af028 into dotnet:main Oct 9, 2025
302 checks passed
@dotnet-policy-service dotnet-policy-service bot added this to the 13.0 milestone Oct 9, 2025
@JamesNK
Member

JamesNK commented Oct 9, 2025

Merged. I made some minor clean up changes.

Thanks @WeihanLi

@github-actions github-actions bot locked and limited conversation to collaborators Nov 8, 2025

Labels

area-dashboard community-contribution Indicates that the PR has been added by a community member

Development

Successfully merging this pull request may close these issues.

Dashboard role claim support

3 participants