From f0b957810cade6ea33e4a79d4006a04e92f100b9 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?K=C3=A9vin=20Chalet?= Date: Wed, 25 Aug 2021 15:51:51 +0200 Subject: [PATCH] Update the migration guide to mention that oi_scp claims are only usable with the OpenIddict validation handler --- guide/migration/20-to-30.md | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/guide/migration/20-to-30.md b/guide/migration/20-to-30.md index 5a04232..d79e5fa 100644 --- a/guide/migration/20-to-30.md +++ b/guide/migration/20-to-30.md @@ -171,6 +171,10 @@ services.AddAuthorization(options => }); ``` +> [!CAUTION] +> These 2 options only work with the OpenIddict validation handler as the `oi_scp` claims are not populated by the JWT bearer handler developped by Microsoft. +> If you can't migrate to the OpenIddict validation handler, consider splitting the standard `scope` claim manually to determine whether it contains a specific value. + ## Add and apply migrations, if necessary If your application uses Entity Framework Core or Entity Framework 6, add a migration to react to the schema changes listed below and apply it.