Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Fix role mapping in oauth2 authentication #4715

Open
wants to merge 2 commits into
base: main
Choose a base branch
from

Conversation

pinmarva
Copy link
Contributor

When logging in with an oauth provider, the default roles (admin, operator and read-only) are not assigned.
The problem is that the roles are not obtained from the OAUTH2_USER_API_URL. They are obtained from the id_token.

It is mandatory to add the "Authorization" header of the oidc2 providers to obtain the user's information.

@coveralls
Copy link

Coverage Status

coverage: 75.289%. remained the same
when pulling 99b183d on pinmarva:fix_oauth2_login
into 96c66ca on Netflix:main.

if current_app.config.get("PING_INCLUDE_BEARER_TOKEN"):
if current_app.config.get("PING_INCLUDE_BEARER_TOKEN") and "ping" in current_app.config.get("ACTIVE_PROVIDERS"):
headers = {"Authorization": f"Bearer {access_token}"}
else:
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

If and else blocks are the same headers = {"Authorization": f"Bearer {access_token}"}, which seems incorrect. Not sure what code change you were going for. If you can correct it with the intended change.

Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Sorry for the delay @charhate.
Apparently, the Authorization header is omitted in the PING provider when PING_INCLUDE_BEARER_TOKEN is False or is omitted.
But for the oauth2 provider, the Authorization header is mandatory.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
None yet
Projects
None yet
Development

Successfully merging this pull request may close these issues.

3 participants