How to properly handle authorization after adding user to role programatically #4515

• ABP Framework version: v7.0.1
• UI type: MVC
• DB provider: EF Core
• Tiered (MVC) or Identity Server Separated (Angular):no
• Exception message and stack trace:
• Steps to reproduce the issue:"

Here is my scenario:

• app has a public web site generated by abp suite, roles and permissions are seeded
• a new user goes to public web site
• user goes to log in. Since it is a new user, it goes through registration
• after registration when user is redirected to public web site index page. I check if the user has any role (CurrentUser.Roles.Length). Since the user is new, there are no roles so I redirect to a new page from public where he picks a role. After the user picks a role, he is being added to the role by using IdentityUserManager.AddToRoleAsync(). Everything is working without error and the role grant is visible in the database.

Now the problem:

• the user has registed and is logged in, it has been added to a role, but it seems that the current token and claims do not know about the role. Calling an app service that requires permission will throw authorization fail error. CurrentUser.Roles is empty. Manually logging off and the log in with the user makes it work, CurrentUser.Roles is filled and the authorized error goes away.

What I have tried:

• after adding the user to the role, I call for a page on Web (so not on public) which has access to SignInManager<IdentityUser> which does a RefreshSignInAsync(). After doing this call and refreshing the page, the CurrentUser.Roles gets filled. This works on Web, however the token on the Public web remains the same.

Questions:

• what do I need to do in order to have the user be able to access all the permissions granted by the role it has? How to refresh the public web site token?
• is there a better recommended way to achieve programmatically role assignment without the user need to relogin?

Thank you for your time.