I’m still struggling, but it looks like I’m getting closer.
I still haven’t figured out how to set a role claim (might be a restriction of the free Auth0 version), but I have been able to add new custom claims. So therefore I started using HasClaimTypeWithValue(). The result is that the SecurityDescriptor is no longer rejecting any commands, for some reason.
I have verified that I have a claim with the right type and value through the debugger in Rider. I have also verified that HasClaimTypeWithValue() returns what I expect it to. But regardless of what I put into its arguments in the code below, my commands pass security.
I am getting similar results with HasClaimType().
public class RestrictAccessControlCommandsToAdminRole : SecurityDescriptor
public RestrictAccessControlCommandsToAdminRole(ICanResolvePrincipal principalResolver)