From d6916846c474c5f3b8c68acc3ddc1aa278a3565b Mon Sep 17 00:00:00 2001
From: Mart van Santen <mart@greenhost.nl>
Date: Tue, 21 Dec 2021 06:48:49 +0100
Subject: [PATCH] Set stackspin role

---
 login/app.py    | 4 ++--
 login/kratos.py | 4 ++--
 2 files changed, 4 insertions(+), 4 deletions(-)

diff --git a/login/app.py b/login/app.py
index c282165..87c48c8 100644
--- a/login/app.py
+++ b/login/app.py
@@ -542,7 +542,7 @@ def consent():
     app_obj = db.session.query(App).filter(App.slug==app_name).first()
 
     # Default access level
-    role = 'user'
+    role = ''
     if app_obj:
         role_obj = db.session.query(AppRole).\
                     filter(AppRole.app_id==app_obj.id).\
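Review bot: The comment `# Default access level` above `role = ''` no longer says what the default means, and an empty string now ends up in the token whenever no matching AppRole row is found. Suggest replacing it with `# No AppRole row found: send an empty role, which client apps must treat as no access`, with the wording confirmed against how the client apps actually read the claim. The TODO in the next hunk says claim checking is not implemented yet, so consent() itself does not appear to refuse a user with an empty role; enforcement would rest entirely on the relying app. consent() starts and ends outside this hunk.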
@@ -551,7 +551,7 @@ def consent():
             role = role_obj.role
 
     # Get claims for this user, provided the current app
-    claims = user.get_claims(app_name)
+    claims = user.get_claims(app_name, none, role)
 
     # pylint: disable=fixme
     # TODO: Need to implement checking claims here, once the backend for that is
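Review bot: `none` in `user.get_claims(app_name, none, role)` is not a defined Python name, so this line raises NameError on every consent request and the login flow fails at this point; it should be `None`. Passing the role by keyword avoids depending on the position of `mapping`: `claims = user.get_claims(app_name, role=role)`. consent() continues outside this hunk.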
diff --git a/login/kratos.py b/login/kratos.py
index fc50257..5636841 100644
--- a/login/kratos.py
+++ b/login/kratos.py
@@ -325,7 +325,7 @@ class KratosUser():
     # Pylint complains about app not used. That is correct, but we will use that
     # in the future. Ignore this error
     # pylint: disable=unused-argument
-    def get_claims(self, app, mapping = None) -> Dict[str, Dict[str, str]]:
+    def get_claims(self, app, mapping = None, role) -> Dict[str, Dict[str, str]]:
         """Create openID Connect token
         Use the userdata stored in the user object to create an OpenID Connect token.
         The token returned by this function can be passed to Hydra,
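Review bot: The new signature `def get_claims(self, app, mapping = None, role)` places a parameter without a default after one with a default, which Python rejects as a SyntaxError, so login/kratos.py cannot be imported at all. Give `role` a default that matches the caller's empty value, `def get_claims(self, app, mapping = None, role = '') -> Dict[str, Dict[str, str]]:`, which also keeps any other callers of get_claims working. The docstring should gain a line stating that `role` is copied as given into the `stackspin_roles` claim, so the caller is responsible for deriving it from trusted data. The method body runs past the end of this hunk.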
@@ -358,7 +358,7 @@ class KratosUser():
             "name": name,
             "preferred_username": username,
             "email": self.email,
-            "roles": '',
+            "stackspin_roles": role,
         }
 
 
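Review bot: Replacing the `"roles"` key with `"stackspin_roles": role` removes the `roles` claim from the token, so any OIDC client that maps authorization on `roles` would stop receiving a role after this change; whether such clients exist is not visible here. The value is a single string passed through unchanged, although the plural key name suggests a list, so the expected shape should be documented next to the dict, for example `# single role name for the requesting app; '' means no role assigned`. The nearby `# pylint: disable=unused-argument` comment still only explains `app` and may need revisiting now that the signature has changed. The dict literal starts outside this hunk.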
-- 
GitLab