
I have implemented Login with IdentityServer4 using Cookie/Oidc Authentication. Going straight to the point, I can see at the endpoint that I have the necessary claim with the role, as you can see in this image:

(image: the user's claims as shown at the endpoint, including the role claim)

As you can see, the Roles part of Authorize is commented out. If I add it back I never hit the endpoint and I am redirected to Account/AccessDenied. I also tried other things like a policy with RequireRole/RequireClaim in UseAuthorization, but nothing, literally nothing, seems to work. I just don't get it...

Here is my code from the client:

using Microsoft.AspNetCore.Authentication.Cookies;
using Microsoft.AspNetCore.Authentication.OpenIdConnect;
using Microsoft.Extensions.DependencyInjection;

public void ConfigureServices(IServiceCollection services)
{
    services.AddAuthentication(config =>
        {
            // Local session lives in the cookie; unauthenticated users are sent to the IdP.
            config.DefaultScheme = "Cookie";
            config.DefaultChallengeScheme = "oidc";
        })
        .AddCookie("Cookie")
        .AddOpenIdConnect("oidc", config =>
        {
            config.Authority = "https://localhost:5005";
            config.ClientId = "client_id_mvc";
            config.ClientSecret = "client_secret_mvc";
            config.SaveTokens = true;
            config.ResponseType = "code";

            // Pull additional claims from the userinfo endpoint after the code exchange.
            config.GetClaimsFromUserInfoEndpoint = true;

            // Ask for the "roles" scope and copy the "role" JSON key into a claim of type "role".
            config.Scope.Add("roles");
            config.ClaimActions.MapUniqueJsonKey("role", "role", "role");

            // The claim types that User.Identity.Name and User.IsInRole() will look for.
            config.TokenValidationParameters.NameClaimType = "name";
            config.TokenValidationParameters.RoleClaimType = "role";
        });

    services.AddControllersWithViews();
}

Please help :D

antas
  • The name of your Role claim in the token is `http://schemas.microsoft.com/ws/2008/06/identity/claims/role` but you configured your OIDC to look for a claim named `role`. So they don't match and therefore you won't pass. – Sasan Mar 19 '21 at 11:38
  • @Sasan incredible.... I can't believe I missed that.... just tested and it worked, thanks a lot !! How can I mark your response as the answer? – antas Mar 19 '21 at 13:09

1 Answer


The name of your Role claim in the token is http://schemas.microsoft.com/ws/2008/06/identity/claims/role but you configured your OIDC to look for a claim named role. So they don't match and therefore you won't pass.

Sasan
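The mismatch described in the answer can be reproduced without IdentityServer at all, because `[Authorize(Roles = "...")]` ultimately calls `ClaimsPrincipal.IsInRole`, and that method only looks at claims whose `Type` equals the identity's `RoleClaimType`. The following is an added example, not code from the question or the answer: it builds a `ClaimsIdentity` whose role claim is stored under the long URI (`ClaimTypes.Role`, which is `http://schemas.microsoft.com/ws/2008/06/identity/claims/role`) and compares the outcome when `RoleClaimType` is `"role"` (the question's configuration) against the outcome when it matches the claim actually present. The user name and role value are made up for the demonstration.

```csharp
using System;
using System.Security.Claims;

// Added example (not from the original post). Demonstrates why [Authorize(Roles = "Admin")]
// redirects to AccessDenied when the identity's RoleClaimType does not match the Type
// string of the role claim that actually landed in the authentication cookie.
static class RoleClaimTypeDemo
{
    // ClaimTypes.Role == "http://schemas.microsoft.com/ws/2008/06/identity/claims/role"
    const string LongRoleType = ClaimTypes.Role;
    const string ShortRoleType = "role";

    // Builds a principal the way the cookie handler would hand it to the authorization
    // middleware: the claim type under which the role was stored is independent of the
    // RoleClaimType the identity was told to use for IsInRole().
    static ClaimsPrincipal BuildPrincipal(string claimTypeInToken, string configuredRoleClaimType)
    {
        var identity = new ClaimsIdentity(
            authenticationType: "Cookie",
            nameType: "name",
            roleType: configuredRoleClaimType);

        identity.AddClaim(new Claim("name", "alice"));                // constructed sample user
        identity.AddClaim(new Claim(claimTypeInToken, "Admin"));      // constructed sample role
        return new ClaimsPrincipal(identity);
    }

    // Mirrors what the authorization middleware does for [Authorize(Roles = "Admin")].
    static bool WouldPassRolesRequirement(ClaimsPrincipal user) => user.IsInRole("Admin");

    static void Main()
    {
        // Case 1 (the question): role claim stored under the long URI, RoleClaimType = "role".
        var mismatched = BuildPrincipal(LongRoleType, ShortRoleType);
        Console.WriteLine($"RoleClaimType=\"role\", claim type=URI  -> IsInRole: {WouldPassRolesRequirement(mismatched)}");
        // Prints False: the role is visible in User.Claims but IsInRole() never consults it.

        // Case 2: RoleClaimType matches the claim type that is actually present.
        var matched = BuildPrincipal(LongRoleType, LongRoleType);
        Console.WriteLine($"RoleClaimType=URI,    claim type=URI  -> IsInRole: {WouldPassRolesRequirement(matched)}");
        // Prints True: [Authorize(Roles = "Admin")] is satisfied.

        // Useful diagnostic when debugging this in a real app: dump Type, not just Value.
        foreach (var c in mismatched.Claims)
            Console.WriteLine($"  {c.Type} = {c.Value}");
        Console.WriteLine($"  identity RoleClaimType = {((ClaimsIdentity)mismatched.Identity!).RoleClaimType}");
    }
}
```

When inspecting `User.Claims` in a view or controller, print `claim.Type` alongside `claim.Value`; the value "Admin" looks right in either case, but the exact `Type` string and the identity's `RoleClaimType` are what the check compares. The long URI appears because the default JWT handler remaps the short `role` claim from the id_token to `ClaimTypes.Role` on the way in, so either set `TokenValidationParameters.RoleClaimType = ClaimTypes.Role` to match, or disable that inbound mapping so the claim keeps the name `role` that the configuration expects. Note that the failure mode here is the safe one: a mismatch denies access rather than granting it.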