For the project I am working on, I need to create two separate (but not totally unrelated) applications with a common identity server. I picked IdentityServer4 for that purpose and it works well for me.
However, I need to be able to assign the users to multiple companies/projects (yes, it is a real life case) and possibly to different roles in each of them. However, I wasn't able to design the claims structure for that.
I see two approaches that could solve this problem:

1. Create a complex claim for each company/project which will contain companyId and the user's role in that company. This could be in JSON form or a custom string like `companyGUID_roleClaim`. However, when I did a small research about it, I realized there are many people who don't think it is the right approach since they believe the claims should be simple key-value pairs.
2. Let the applications connect/query the Identity database to retrieve the companies/projects and roles associated with the active user and protect resources using policies based on those data.
Maybe I am looking at it from a wrong side or one of those two is acceptable. Or there is another solution. Can you please help me find a solution to this problem?
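Added example, not code from the question: one way to keep the first approach while still using simple string claims is to issue one `company_role` claim per membership (value `<companyGuid>:<role>`) and let an ASP.NET Core authorization handler match the company from the route against those claims. The claim type, the `companyId` route value and the `CompanyAdmin` policy name are assumptions; the identity server must be configured (e.g. via `IProfileService`) to include the claims in the token.

```csharp
// Added example: multi-company role check with simple "<guid>:<role>" claims.
// Assumed claim type "company_role"; one claim per company the user belongs to.
using System;
using System.Linq;
using System.Security.Claims;
using System.Threading.Tasks;
using Microsoft.AspNetCore.Authorization;
using Microsoft.AspNetCore.Http;
using Microsoft.AspNetCore.Routing;

public class CompanyRoleRequirement : IAuthorizationRequirement
{
    public string Role { get; }
    public CompanyRoleRequirement(string role) => Role = role;
}

public class CompanyRoleHandler : AuthorizationHandler<CompanyRoleRequirement>
{
    private readonly IHttpContextAccessor _http;
    public CompanyRoleHandler(IHttpContextAccessor http) => _http = http;

    protected override Task HandleRequirementAsync(
        AuthorizationHandlerContext context, CompanyRoleRequirement requirement)
    {
        // The company being accessed is taken from the route ("companyId" is assumed),
        // so the client cannot pick a company it is not a member of via the request body.
        var routeCompany = _http.HttpContext?.GetRouteValue("companyId")?.ToString();
        if (!Guid.TryParse(routeCompany, out var companyId))
            return Task.CompletedTask; // no company in route: requirement not met

        // Each claim value is "<companyGuid>:<role>"; succeed only on an exact match.
        bool allowed = context.User.FindAll("company_role").Any(c =>
        {
            var parts = c.Value.Split(':', 2);
            return parts.Length == 2
                && Guid.TryParse(parts[0], out var cid) && cid == companyId
                && string.Equals(parts[1], requirement.Role, StringComparison.Ordinal);
        });

        if (allowed) context.Succeed(requirement);
        return Task.CompletedTask;
    }
}

// Registration in Startup.ConfigureServices (policy name "CompanyAdmin" is assumed):
// services.AddHttpContextAccessor();
// services.AddSingleton<IAuthorizationHandler, CompanyRoleHandler>();
// services.AddAuthorization(o => o.AddPolicy("CompanyAdmin",
//     p => p.AddRequirements(new CompanyRoleRequirement("admin"))));
// Then apply [Authorize(Policy = "CompanyAdmin")] to actions routed as "companies/{companyId}/...".
```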