Verified Commit 2bf3b4ed authored by Mark's avatar Mark

Add openappstack_roles claim

parent 02cfde4f
1 merge request!5Service Integration
...@@ -21,6 +21,13 @@ class User(): ...@@ -21,6 +21,13 @@ class User():
name name
}} }}
}} }}
}},
roles{{
edges{{
node{{
name
}}
}}
}} }}
}}}}'''.format(self.username).strip() }}}}'''.format(self.username).strip()
result = loads(graphql_client.execute(querystring)) result = loads(graphql_client.execute(querystring))
...@@ -28,6 +35,8 @@ class User(): ...@@ -28,6 +35,8 @@ class User():
data = result["data"]["getUser"] data = result["data"]["getUser"]
self.applications = list(map(lambda x: x["node"]["name"], self.applications = list(map(lambda x: x["node"]["name"],
data["applications"]["edges"])) data["applications"]["edges"]))
self.roles = list(map(lambda x: x["node"]["name"],
data["roles"]["edges"]))
self.email = data["email"] self.email = data["email"]
def has_app_permission(self, appname): def has_app_permission(self, appname):
...@@ -38,5 +47,6 @@ class User(): ...@@ -38,5 +47,6 @@ class User():
"id_token": { "id_token": {
"name": self.username, "name": self.username,
"preferred_username": self.username, "preferred_username": self.username,
"email" : self.email} "email" : self.email,
"openappstack_roles": self.roles}
} }
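Review bot: The `"openappstack_roles": self.roles` entry in the last hunk is added to `id_token` unconditionally, so as far as the visible lines show, every client that completes a login receives the user's role names whether or not the `openappstack_roles` scope was requested and granted. Roles are authorization data, so the claim should only be set when that scope is among the granted ones; the enclosing method starts outside the hunk, so where the granted scopes are available there needs checking. In the second hunk, `data["roles"]["edges"]` raises when the backend returns no `roles` field or a null one, which would presumably fail the login; `(data.get("roles") or {}).get("edges", [])` falls back to an empty list instead. The query this commit extends is still assembled with `.format(self.username)`, so a comment noting that the username must be validated or passed as a GraphQL variable would help the next reader.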
...@@ -5,8 +5,9 @@ SECRET=$2 ...@@ -5,8 +5,9 @@ SECRET=$2
HOST=$3 HOST=$3
PORT=$4 PORT=$4
REDIRECT_URI=$5 REDIRECT_URI=$5
SCOPES="openid profile email openappstack_roles"
curl --header "Content-Type: application/json" \ curl --header "Content-Type: application/json" \
--request POST \ --request POST \
--data "{\"client_id\": \"$KEY\", \"client_name\": \"$KEY\", \"client_secret\": \"$SECRET\", \"redirect_uris\": [\"$REDIRECT_URI\"], \"scope\": \"openid profile email\", \"grant-types\": \"authorization_code,refresh_token\", \"response_types\": [\"code\"], \"token_endpoint_auth_method\": \"client_secret_post\"}" \ --data "{\"client_id\": \"$KEY\", \"client_name\": \"$KEY\", \"client_secret\": \"$SECRET\", \"redirect_uris\": [\"$REDIRECT_URI\"], \"scope\": \"$SCOPES\", \"grant-types\": \"authorization_code,refresh_token\", \"response_types\": [\"code\"], \"token_endpoint_auth_method\": \"client_secret_post\"}" \
http://$HOST:$PORT/clients http://$HOST:$PORT/clients
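Review bot: With the hard-coded `SCOPES="openid profile email openappstack_roles"`, every client registered through this script is allowed to request the roles claim, including clients that have no use for it. Taking the scope list as an optional argument with the old value as default, `SCOPES="${6:-openid profile email}"` (assuming `$6` is unused), keeps role disclosure opt-in per client. The same string is repeated in the application's `request_token_params`, so the two have to stay in sync; a comment above `SCOPES` saying so would help. The values are still interpolated into the JSON body unescaped, so a `$SECRET` or `$REDIRECT_URI` containing a double quote would change the request that is sent.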
...@@ -26,7 +26,7 @@ sso = oauth.remote_app( ...@@ -26,7 +26,7 @@ sso = oauth.remote_app(
access_token_url=ACCESS_TOKEN_URL, access_token_url=ACCESS_TOKEN_URL,
authorize_url=AUTHORIZE_URL, authorize_url=AUTHORIZE_URL,
consumer_key=KEY, consumer_key=KEY,
request_token_params={'state': lambda: security.gen_salt(10), "scope": "openid profile email"}, request_token_params={'state': lambda: security.gen_salt(10), "scope": "openid profile email openappstack_roles"},
consumer_secret=SECRET) consumer_secret=SECRET)
@sso.tokengetter @sso.tokengetter
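Review bot: The scope string on the `request_token_params` line now requests `openappstack_roles`, but nothing in this hunk shows where the claim is read, so how it is trusted is undocumented. If the application makes authorization decisions from these roles, they should come only from an id_token whose signature, issuer and audience have been checked, not from an unverified decode. A comment on that line such as `# openappstack_roles: custom scope, client must be registered with it; read roles only from a validated id_token` would record this. The `oauth.remote_app(` call starts outside the hunk.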
......
Subproject commit 5ee76d3dd010ff9893b9d61dbb7c9660758c8ddc Subproject commit 1ba28f459e1c5804432f7da7ad394895155f5a2a