ocis_keycloak: Add ocis roles as realm roles #5750
Conversation
This adds the roles ocisAdmin, ocisSpaceAdmin, ocisUser and ocisGuest as realm roles to the the oCIS realm. It also assigns those roles to the demo users. Additionally the missing demo user "Katherine Johnson" is added with the role of "ocisSpaceAdmin".
|
Thanks for opening this pull request! The maintainers of this repository would appreciate it if you would create a changelog item based on your changes. |
|
related to #5669 |
There was a problem hiding this comment.
👍 looks great
One also has the flexibility to not directly assign a role to a user but to a group. Therefore the group needs the role mapper and every group member will receive this role. Will oCIS have a logic to use the "highest privileges role" (if there is something like an order of privileges!?)
What do we do about OCIS_ADMIN_USER_ID is that still needed for other usecases? Because if you're using Keycloak, you won't need that somewhat constrained setting anymore.
Good question. I guess we'll somehow need to add that to ocis, yes.
The keycloak deployment it not really uses
|
Author: Ralf Haferkamp <rhaferkamp@owncloud.com>
Date: Wed Mar 8 12:11:21 2023 +0100
ocis_keycloak: Add ocis roles as realm roles (#5750)
* ocis_keycloak: Add ocis roles as realm roles
This adds the roles ocisAdmin, ocisSpaceAdmin, ocisUser and ocisGuest as realm roles
to the the oCIS realm. It also assigns those roles to the demo users.
Additionally the missing demo user "Katherine Johnson" is added with the role of
"ocisSpaceAdmin".
* Expose realm_roles in "roles" claim of id tokens and userinfo
This adds the roles ocisAdmin, ocisSpaceAdmin, ocisUser and ocisGuest as realm roles to the the oCIS realm. It also assigns those roles to the demo users.
Additionally the missing demo user "Katherine Johnson" is added with the role of "ocisSpaceAdmin".
The changes to actually evaluate the roles from ocis will follow in a later PR.