Leave control of is_superuser status with Django by default #14

Andras1000 · 2021-03-31T13:56:09Z

In tokens.py the is_superuser status of a user will always be overwritten by this library.

user.is_superuser = bool(
    self.config.superuser_group
    and "groups" in claims
    and self.config.superuser_group in claims["groups"]
)

Make this code optional via settings so when an existing user is authenticated the already existing is_superuser status can be used.

I ran into this limitation as the groups scope is not returned in the flow unless one has the API Access Management feature in Okta which allows custom authorization server (see here), so could not use the SUPERUSER_GROUP setting.

Same applies to is_staff.

The text was updated successfully, but these errors were encountered:

samkuehn · 2021-04-01T17:28:53Z

I am having the same issue. Here are my comments/suggestions on another issue.

#8 (comment)

AzMoo · 2023-03-13T12:29:58Z

Resolved in #28

Andras1000 changed the title ~~Allow to leave control of is_superuser status with Django~~ Leave control of is_superuser status with Django by default Mar 31, 2021

santoru mentioned this issue Oct 15, 2021

Support userinfo endpoint as fallback for groups #20

Closed

AzMoo closed this as completed Mar 13, 2023

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Leave control of is_superuser status with Django by default #14

Leave control of is_superuser status with Django by default #14

Andras1000 commented Mar 31, 2021 •

edited

Loading

samkuehn commented Apr 1, 2021 •

edited

Loading

AzMoo commented Mar 13, 2023

Leave control of is_superuser status with Django by default #14

Leave control of is_superuser status with Django by default #14

Comments

Andras1000 commented Mar 31, 2021 • edited Loading

samkuehn commented Apr 1, 2021 • edited Loading

AzMoo commented Mar 13, 2023

Andras1000 commented Mar 31, 2021 •

edited

Loading

samkuehn commented Apr 1, 2021 •

edited

Loading