Ingnore Tenant in case of invalid scope on JWT microservice

[andmattia]

Is there an existing issue for this?

• I have searched the existing issues

Description

I found that my microservice ignore tenant even if my user is tenant user.

Reproduction Steps

Step to reproduce:

• create microservice name MyFirstMiscroService
• add manual scope MyFirstMiscroService2
• configure all to give access to MyFirstMiscroService2
• got to API page do login in tenant
• check JWT that user is tenant user
• create an enetity

Now you can see that entity has tanantId null

Expected behavior

I hexpected to have a 401 / 403 error

Actual behavior

No response

Regression?

No response

Known Workarounds

No response

Version

7.4.5

User Interface

Common (Default)

Database Provider

EF Core (Default)

Tiered or separate authentication server

None (Default)

Operation System

Windows (Default)

Other information

No response

[maliming]

hi

We are unable to reproduce the problem based on your steps.

[andmattia]

So strange in my case it's quite simple. Are sure to use different name in

 JwtBearerConfigurationHelper.Configure(context, "QualityService");
        SwaggerConfigurationHelper.ConfigureWithOidc(
            context: context,
            authority: configuration["AuthServer:Authority"]!,
            scopes: new[] { "QualityService" },
            flows: new[] { "authorization_code" },
            discoveryEndpoint: configuration["AuthServer:MetadataAddress"],
            apiTitle: "QualityService Service API"
        );
...

in OpenId Scope change QualityService -> BadQualityService from *HttpApiHostModule.Cs