Revert "Set DefaultMapInboundClaims to false to keep roles claim type" (

#3293) Revert "Set DefaultMapInboundClaims to false to keep roles claim type (#3281)" This reverts commit da87dc2.
microsoft · Jan 9, 2024 · ba723a8 · ba723a8
1 parent faf3187
commit ba723a8
Showing 1 changed file with 2 additions and 8 deletions.
diff --git a/src/Microsoft.Health.Dicom.Api/Modules/SecurityModule.cs b/src/Microsoft.Health.Dicom.Api/Modules/SecurityModule.cs
@@ -1,4 +1,4 @@
-// -------------------------------------------------------------------------------------------------
+// -------------------------------------------------------------------------------------------------
 // Copyright (c) Microsoft Corporation. All rights reserved.
 // Licensed under the MIT License (MIT). See LICENSE in the repo root for license information.
 // -------------------------------------------------------------------------------------------------
@@ -37,13 +37,7 @@ public void Load(IServiceCollection services)
         EnsureArg.IsNotNull(services, nameof(services));
 
         // Set the token handler to not do auto inbound mapping. (e.g. "roles" -> "http://schemas.microsoft.com/ws/2008/06/identity/claims/role")
-        // The JWT security token handler has a new property MapInboundClaims which is set to true by default.
-        // When this property is true, it maps some claim types to Microsoft's proprietary ones.
-        // This includes mapping the standard JWT "roles" claim to ClaimTypes.Role.
-        // If you want to keep the "roles" claim as is, you need to set MapInboundClaims to false
-        // In .Net 7, JwtSecurityTokenHandler.DefaultInboundClaimTypeMap.Clear(); works
-        // Im .Net 8. JwtSecurityTokenHandler.DefaultMapInboundClaims = false; works
-        JwtSecurityTokenHandler.DefaultMapInboundClaims = false;
+        JwtSecurityTokenHandler.DefaultInboundClaimTypeMap.Clear();
 
         if (_securityConfiguration.Enabled)
         {