Fixed some critical bugs

src/Budget.Api/Program.cs

@@ -22,11 +22,14 @@ builder.Services.AddAuthentication(JwtBearerDefaults.AuthenticationScheme)
     {
         options.Authority = builder.Configuration["AUTH__AUTHORITY"];
         options.Audience = builder.Configuration["AUTH__AUDIENCE"];
+        options.MapInboundClaims = false;
         options.TokenValidationParameters = new TokenValidationParameters
         {
             ValidateIssuer = true,
             ValidateAudience = true,
             ValidateLifetime = true,
+            RoleClaimType = "role",
+            NameClaimType = "sub",
         };
     });
 
@@ -49,9 +52,8 @@ app.UseDefaultFiles();
 app.UseStaticFiles();
 
 app.UseAuthentication();
-app.UseAuthorization();
-
 app.UseMiddleware<KnownUserMiddleware>();
+app.UseAuthorization();
 
 app.MapControllers();
 app.MapHealthChecks("/healthz", new HealthCheckOptions
@@ -62,7 +64,7 @@ app.MapHealthChecks("/healthz", new HealthCheckOptions
         [HealthStatus.Degraded] = StatusCodes.Status200OK,
         [HealthStatus.Unhealthy] = StatusCodes.Status503ServiceUnavailable,
     }
-}).RequireAuthorization();
+});
 
 app.MapFallbackToFile("index.html");
 

src/Budget.Client/src/auth/authConfig.ts

@@ -5,7 +5,7 @@ export const authConfig: UserManagerSettings = {
   client_id: import.meta.env.VITE_AUTH_CLIENT_ID,
   redirect_uri: import.meta.env.VITE_AUTH_REDIRECT_URI,
   response_type: 'code',
-  scope: 'openid profile email',
+  scope: 'openid profile email offline_access budget_api',
   post_logout_redirect_uri: import.meta.env.VITE_AUTH_REDIRECT_URI?.replace('/callback', ''),
   automaticSilentRenew: true,
 };