Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Role matching OIDC #3335

Merged
merged 11 commits into from
Mar 7, 2024
Merged

Role matching OIDC #3335

merged 11 commits into from
Mar 7, 2024

Conversation

awildturtok
Copy link
Collaborator

No description provided.

thoniTUB
thoniTUB requested changes Mar 6, 2024
View reviewed changes
Copy link
Collaborator

@thoniTUB thoniTUB left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Durch die änderung ergeben sich noch ein paar test cases

backend/src/main/java/com/bakdata/conquery/apiv1/auth/ProtoRole.java Outdated Show resolved Hide resolved
backend/src/main/java/com/bakdata/conquery/models/auth/AuthorizationController.java Outdated Show resolved Hide resolved
backend/src/main/java/com/bakdata/conquery/models/auth/oidc/JwtPkceVerifyingRealm.java Outdated
Comment on lines 163 to 171
if (user.getRoles().contains(roleId)) {
continue;
}

final Role role = storage.getRole(roleId);

if (role == null) {
continue;
}
Copy link
Collaborator

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

In die IFs bitte auch traces

backend/src/main/java/com/bakdata/conquery/models/config/auth/DefaultAuthorizationConfig.java Outdated
Comment on lines 17 to 18
@Valid
private List<ProtoRole> initialRoles;
Copy link
Collaborator

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Hier noch die default admin rolle definieren

backend/src/main/java/com/bakdata/conquery/models/auth/oidc/JwtPkceVerifyingRealm.java
return new ConqueryAuthenticationInfo(user, token, this, true);
}
}

throw new UnknownAccountException("The user id was unknown: " + subject);
}

private void handleRoleClaims(AccessToken accessToken, User user) {
Copy link
Collaborator

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Wir sollten ggf. noch das Token/ oder die Tokensignature hashen, damit wir das nicht bei jedem request ausführen

@awildturtok awildturtok merged commit b8c4ad3 into develop Mar 7, 2024
6 checks passed
@delete-merged-branch delete-merged-branch bot deleted the feature/role-matching-oidc branch March 7, 2024 16:38
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@thoniTUB thoniTUB thoniTUB approved these changes

Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.

None yet
2 participants
@awildturtok @thoniTUB