Skip to content
Permalink
Browse files

Extract roles from Cognito groups

  • Loading branch information
Falydoor committed Feb 12, 2020
1 parent 4db2ed8 commit e2cceba1f5e9844cb0ab4ca6f7601b1c3a8b96a4
@@ -124,7 +124,7 @@ public GrantedAuthoritiesMapper userAuthoritiesMapper() {
// each scope as a GrantedAuthority, which we don't care about.
if (authority instanceof OidcUserAuthority) {
OidcUserAuthority oidcUserAuthority = (OidcUserAuthority) authority;
mappedAuthorities.addAll(SecurityUtils.extractAuthorityFromClaims(oidcUserAuthority.getUserInfo().getClaims()));
mappedAuthorities.addAll(SecurityUtils.extractAuthorityFromAttributes(oidcUserAuthority.getAttributes()));
}
});
return mappedAuthorities;
@@ -88,6 +88,11 @@ public static boolean isCurrentUserInRole(String authority) {
return mapRolesToGrantedAuthorities(getRolesFromClaims(claims));
}

@SuppressWarnings("unchecked")
public static Collection<? extends GrantedAuthority> extractAuthorityFromAttributes(Map<String, Object> attributes) {
return mapRolesToGrantedAuthorities((Collection<String>) attributes.getOrDefault("cognito:groups", new ArrayList<>()));
}

@SuppressWarnings("unchecked")
private static Collection<String> getRolesFromClaims(Map<String, Object> claims) {
return (Collection<String>) claims.getOrDefault("groups",

0 comments on commit e2cceba

Please sign in to comment.
You can’t perform that action at this time.