chore: pr cleanup

prism-agent/service/server/src/main/resources/application.conf

@@ -114,7 +114,7 @@ agent {
             autoProvisioning = ${?API_KEY_AUTO_PROVISIONING}
         }
         keycloak {
-            enabled = true // TODO: revert to false before merge
+            enabled = false
             enabled = ${?KEYCLOAK_ENABLED}
 
             keycloakUrl = "http://localhost:9980"
@@ -135,7 +135,8 @@ agent {
             autoUpgradeToRPT = true
             autoUpgradeToRPT = ${?KEYCLOAK_UMA_AUTO_UPGRADE_RPT}
 
-            # A path of 'roles' claim in the JWT. Nested path maybe indicated by '.' separated.
+            # A path of 'roles' claim in the JWT. Nested path maybe indicated by '.' separator.
+            # The JWT 'roles' claim is expected to be a list of the following values: [agent-admin, agent-tenant]
             rolesClaimPath = "resource_access."${agent.authentication.keycloak.clientId}".roles"
             rolesClaimPath = ${?KEYKLOAK_ROLES_CLAIM_PATH}
         }

prism-agent/service/server/src/main/scala/io/iohk/atala/iam/authentication/oidc/KeycloakAuthenticator.scala

@@ -1,6 +1,7 @@
 package io.iohk.atala.iam.authentication.oidc
 
 import io.iohk.atala.agent.walletapi.model.BaseEntity
+import io.iohk.atala.agent.walletapi.model.EntityRole
 import io.iohk.atala.iam.authentication.AuthenticationError
 import io.iohk.atala.iam.authentication.AuthenticationError.AuthenticationMethodNotEnabled
 import io.iohk.atala.iam.authentication.AuthenticationError.InvalidCredentials
@@ -14,7 +15,6 @@ import zio.*
 import zio.json.ast.Json
 
 import java.util.UUID
-import io.iohk.atala.agent.walletapi.model.EntityRole
 
 final class AccessToken private (token: String, claims: JwtClaim) {
 
@@ -26,16 +26,14 @@ final class AccessToken private (token: String, claims: JwtClaim) {
       .flatMap(_.asObject.toRight("JWT payload must be a JSON object"))
       .map(_.contains("authorization"))
 
-  def role(claimPath: Seq[String]): Either[String, EntityRole] = {
-    for {
-      uniqueRoles <- extractRoles(claimPath).map(_.getOrElse(Nil).distinct)
-      r <- uniqueRoles.toList match {
+  def role(claimPath: Seq[String]): Either[String, EntityRole] =
+    extractRoles(claimPath)
+      .map(_.fold(Nil)(_.distinct).toList)
+      .flatMap {
         case Nil      => Right(EntityRole.Tenant)
         case r :: Nil => Right(r)
         case _        => Left(s"Multiple roles is not supported yet.")
       }
-    } yield r
-  }
 
   /** Return a list of roles that is meaningful to the agent */
   private def extractRoles(claimPath: Seq[String]): Either[String, Option[Seq[EntityRole]]] =
@@ -46,12 +44,12 @@ final class AccessToken private (token: String, claims: JwtClaim) {
           acc.flatMap(_.asObject).flatMap(_.get(pathSegment))
         }
         rolesJson match {
+          case None => Right(None)
           case Some(json) =>
             json.asArray
               .toRight("Roles claim is not a JSON array of strings.")
               .map(_.flatMap(_.asString).flatMap(parseRole))
               .map(Some(_))
-          case None => Right(None)
         }
       }
 

project/plugins.sbt

@@ -4,7 +4,6 @@ addSbtPlugin("com.github.sbt" % "sbt-release" % "1.1.0")
 addSbtPlugin("com.codecommit" % "sbt-github-packages" % "0.5.3")
 addSbtPlugin("com.github.sbt" % "sbt-native-packager" % "1.9.11")
 addSbtPlugin("org.scoverage" % "sbt-scoverage" % "2.0.6")
-addSbtPlugin("com.github.sbt" % "sbt-native-packager" % "1.9.11")
 addSbtPlugin("org.scoverage" % "sbt-coveralls" % "1.3.9")
 addSbtPlugin("com.thesamet" % "sbt-protoc" % "1.0.6")