web policy for two factor apis

2025-02-01 23:31:41 +01:00 · 2017-06-26 09:09:30 -04:00 · 2017-06-26 09:09:30 -04:00 · 12da107c51
commit 12da107c51
parent eea2ae30b4
2 changed files with 10 additions and 1 deletions
--- a/src/Api/Controllers/TwoFactorController.cs
+++ b/src/Api/Controllers/TwoFactorController.cs
@ -15,7 +15,7 @@ using Newtonsoft.Json;
 namespace Bit.Api.Controllers
 {
    [Route("two-factor")]
-    [Authorize("Application")]
+    [Authorize("Web")]
    public class TwoFactorController : Controller
    {
        private readonly IUserService _userService;
--- a/src/Api/Startup.cs
+++ b/src/Api/Startup.cs
@ -79,6 +79,15 @@ namespace Bit.Api
                    policy.AddAuthenticationSchemes("Bearer2", "Bearer3");
                    policy.RequireAuthenticatedUser();
                    policy.RequireClaim(JwtClaimTypes.AuthenticationMethod, "Application");
+                    policy.RequireClaim(JwtClaimTypes.Scope, "api");
+                });
+                config.AddPolicy("Web", policy =>
+                {
+                    policy.AddAuthenticationSchemes("Bearer2", "Bearer3");
+                    policy.RequireAuthenticatedUser();
+                    policy.RequireClaim(JwtClaimTypes.AuthenticationMethod, "Application");
+                    policy.RequireClaim(JwtClaimTypes.Scope, "api");
+                    policy.RequireClaim(JwtClaimTypes.ClientId, "web");
                });
            });