add list of categories in token instead of roles and functions only

Author: HasanJaved-Developer

UserManagementApi/Controllers/UsersController.cs

@@ -44,16 +44,10 @@ public async Task<ActionResult<AuthResponse>> Authenticate([FromBody] DTO.LoginR
                 return Unauthorized("Invalid credentials.");
             }
 
-            // Collect roles & function codes for claims (optional but handy)
-            var roleIds = user.UserRoles.Select(ur => ur.RoleId).ToList();
-
-            var functionCodes = await _db.RoleFunctions
-                .Where(rf => roleIds.Contains(rf.RoleId))
-                .Select(rf => rf.Function.Code)
-                .Distinct()
-                .ToListAsync();
-
-            var token = GenerateJwt(user, user.UserRoles.Select(ur => ur.Role.Name).Distinct().ToList(), functionCodes, out var expiresAtUtc);
+   
+            var dto = await BuildPermissionsForUser(user.Id);
+                        
+            var token = GenerateJwt(user, dto.Categories, out var expiresAtUtc);
 
             // Get the same permissions tree you already expose
             var permissions = await BuildPermissionsForUser(user.Id);
@@ -136,24 +130,26 @@ on rf.FunctionId equals f.Id
 
             return new UserPermissionsDto(user.Id, user.UserName, categoryDtos);
         }
-
-        private string GenerateJwt(AppUser user, IEnumerable<string> roles, IEnumerable<string> functionCodes, out DateTime expiresAtUtc)
+                
+        private string GenerateJwt(AppUser user, List<CategoryDto> Categories, out DateTime expiresAtUtc)
         {
-            var key = new SymmetricSecurityKey(Encoding.UTF8.GetBytes(_jwt.KeyBase64));
+            var keyBase64 = _jwt.Key;
+            var keyPlain = Encoding.UTF8.GetString(Convert.FromBase64String(keyBase64));
+
+            var key = new SymmetricSecurityKey(Encoding.UTF8.GetBytes(keyPlain));
             var creds = new SigningCredentials(key, SecurityAlgorithms.HmacSha256);
 
             var claims = new List<Claim>
             {
                 new(JwtRegisteredClaimNames.Sub, user.Id.ToString()),
                 new(JwtRegisteredClaimNames.UniqueName, user.UserName)
             };
-
-            // optional: add role claims
-            claims.AddRange(roles.Select(r => new Claim(ClaimTypes.Role, r)));
-
-            // optional: add function claims (careful: keep token size reasonable)
-            foreach (var fn in functionCodes)
-                claims.Add(new Claim("perm", fn));
+            
+            
+            // optional: add claims (careful: keep token size reasonable)
+            var categoriesJson = System.Text.Json.JsonSerializer.Serialize(Categories);
+            claims.Add(new Claim("categories", categoriesJson));
+            
 
             var now = DateTime.UtcNow;
             expiresAtUtc = now.AddMinutes(_jwt.ExpiresMinutes);

UserManagementApi/DTO/Auth/JwtOptions.cs

@@ -4,7 +4,7 @@ public class JwtOptions
     {
         public string Issuer { get; set; } = null!;
         public string Audience { get; set; } = null!;
-        public string KeyBase64 { get; set; } = null!;
+        public string Key { get; set; } = null!;
         public int ExpiresMinutes { get; set; }
     }
 }

UserManagementApi/Program.cs

@@ -30,7 +30,7 @@
 builder.Services.Configure<JwtOptions>(builder.Configuration.GetSection("Jwt"));
 var jwt = builder.Configuration.GetSection("Jwt").Get<JwtOptions>()!;
 
-var keyBase64 = builder.Configuration["Jwt:KeyBase64"]!;
+var keyBase64 = builder.Configuration["Jwt:Key"]!;
 var keyPlain = Encoding.UTF8.GetString(Convert.FromBase64String(keyBase64));
 
 builder.Services.AddAuthentication(JwtBearerDefaults.AuthenticationScheme)
@@ -58,34 +58,34 @@
 builder.Services.AddEndpointsApiExplorer();
 builder.Services.AddSwaggerGen(c =>
 {
-    c.SwaggerDoc("v1", new OpenApiInfo
+    c.SwaggerDoc("v1", new()
     {
         Title = "User Management API",
         Version = "v1",
         Description = "API for user authentication, authorization and management"
     });
 
     // Bearer token support
-    var jwtSecurityScheme = new OpenApiSecurityScheme
+    var jwtSecurityScheme = new Microsoft.OpenApi.Models.OpenApiSecurityScheme
     {
         Scheme = "bearer",
         BearerFormat = "JWT",
         Name = "Authorization",
-        In = ParameterLocation.Header,
-        Type = SecuritySchemeType.Http,
+        In = Microsoft.OpenApi.Models.ParameterLocation.Header,
+        Type = Microsoft.OpenApi.Models.SecuritySchemeType.Http,
         Description = "JWT auth using Bearer scheme. Paste **only** the token below.",
 
-        Reference = new OpenApiReference
+        Reference = new Microsoft.OpenApi.Models.OpenApiReference
         {
             Id = "Bearer",
-            Type = ReferenceType.SecurityScheme
+            Type = Microsoft.OpenApi.Models.ReferenceType.SecurityScheme
         }
     };
 
     c.AddSecurityDefinition("Bearer", jwtSecurityScheme);
 
     // Require Bearer token for all operations (you can remove if you prefer per-endpoint)
-    c.AddSecurityRequirement(new OpenApiSecurityRequirement
+    c.AddSecurityRequirement(new Microsoft.OpenApi.Models.OpenApiSecurityRequirement
     {
         { jwtSecurityScheme, Array.Empty<string>() }
     });
@@ -117,8 +117,7 @@
 
 // Configure the HTTP request pipeline.
 if (app.Environment.IsDevelopment())
-{
-    app.MapOpenApi();
+{    
     app.UseSwagger();
     app.UseSwaggerUI(c =>
     {

UserManagementApi/appsettings.json

@@ -27,7 +27,7 @@
   "Jwt": {
     "Issuer": "PermsApi",
     "Audience": "PermsApiAudience",
-    "KeyBase64": "dmVyeV9sb25nX2Rldl9rZXlfY2hhbmdlX2luX3Byb2RfMTIzNDU2Nzg5MA==",
+    "Key": "dmVyeV9sb25nX2Rldl9rZXlfY2hhbmdlX2luX3Byb2RfMTIzNDU2Nzg5MA==",
     "ExpiresMinutes": 60
   }