fix: role assertion (#1986)

* fix: enum to display access token role assertion * improve assertion descriptions * fix nil pointer
zitadel · Jul 7, 2021 · 38a4683 · 38a4683
1 parent 6fa3076
commit 38a4683
Show file tree

Hide file tree

Showing 4 changed files with 9 additions and 9 deletions.
diff --git a/console/src/app/pages/projects/apps/app-detail/app-detail.component.html b/console/src/app/pages/projects/apps/app-detail/app-detail.component.html
@@ -259,7 +259,7 @@ <h3 class="full-width section-title">{{'APP.OIDC.REDIRECTSECTIONTITLE' | transla
                         </mat-select>
                     </cnsl-form-field>
 
-                    <mat-checkbox *ngIf="accessTokenType?.value === OIDCTokenType.OIDCTOKENTYPE_JWT" class="full-width"
+                    <mat-checkbox *ngIf="accessTokenType?.value === OIDCTokenType.OIDC_TOKEN_TYPE_JWT" class="full-width"
                         formControlName="accessTokenRoleAssertion" color="primary">
                         {{'APP.OIDC.ACCESSTOKENROLEASSERTION' | translate}}</mat-checkbox>
 

diff --git a/console/src/assets/i18n/de.json b/console/src/assets/i18n/de.json
@@ -907,7 +907,7 @@
       "SELECTGROUPTOOLTIP": "Wähle alle Rollen der Gruppe {{group}} aus.",
       "OPTIONS": "Optionen",
       "ASSERTION": "Rollen bei Authentisierung mitschicken",
-      "ASSERTION_DESCRIPTION": "Rolleninformationen werden der Authentisierung per Token, UserInfo Endpoint oder anderen Methoden bereitgestellt, die in Applikationseinstellungen definiert sind.",
+      "ASSERTION_DESCRIPTION": "Rolleninformationen werden auf dem UserInfo Endpoint oder je nach Applikationseinstellungen in Tokens oder anderen Methoden bereitgestellt.",
       "CHECK": "Rollen bei Authentisierung prüfen",
       "CHECK_DESCRIPTION": "Ist das Attribut gesetzt, kann ein Benutzer nur mit einem entsprechenden Rolle authentifiziert werden."
     },
@@ -1172,9 +1172,9 @@
       "OVERVIEWSECTION": "Übersicht",
       "OVERVIEWTITLE": "Deine Konfiguration ist bereit. Du kannst sie hier nochmals prüfen.",
       "ACCESSTOKENROLEASSERTION": "Benutzerrollen dem Access Token hinzufügen",
-      "ACCESSTOKENROLEASSERTION_DESCRIPTION": "Bei Auswahl werden dem Access Token die Rollen des Authentifizierten Benutzers hinzugefügt.",
+      "ACCESSTOKENROLEASSERTION_DESCRIPTION": "Bei Auswahl werden dem Access Token die angeforderten Rollen des authentifizierten Benutzers hinzugefügt.",
       "IDTOKENROLEASSERTION": "Benutzerrollen im ID Token",
-      "IDTOKENROLEASSERTION_DESCRIPTION": "Bei Auswahl werden dem Id Token die Rollen des Authentifizierten Benutzers hinzugefügt.",
+      "IDTOKENROLEASSERTION_DESCRIPTION": "Bei Auswahl werden dem ID Token die angeforderten Rollen des authentifizierten Benutzers hinzugefügt.",
       "IDTOKENUSERINFOASSERTION": "User Info im ID Token",
       "IDTOKENUSERINFOASSERTION_DESCRIPTION": "Ermöglich OIDC clients claims von profile, email, phone und address direkt vom ID Token zu beziehen.",
       "CLOCKSKEW": "ermöglicht Clients, den Taktversatz von OP und Client zu verarbeiten. Die Dauer (0-5s) wird der exp addiert und von iats, auth_time und nbf abgezogen.",

diff --git a/console/src/assets/i18n/en.json b/console/src/assets/i18n/en.json
@@ -908,8 +908,8 @@
       "CREATIONDATE": "Created",
       "SELECTGROUPTOOLTIP": "Select all Roles of the group {{group}}.",
       "OPTIONS": "Options",
-      "ASSERTION": "Assert Roles on Authentication.",
-      "ASSERTION_DESCRIPTION": "Roleinformation is sent as Token, Userinfo endpoint or other type, depending on your application settings.",
+      "ASSERTION": "Assert Roles on Authentication",
+      "ASSERTION_DESCRIPTION": "Role information is sent from Userinfo endpoint and depending on your application settings in tokens and other types.",
       "CHECK": "Check roles on Authentication",
       "CHECK_DESCRIPTION": "If set, users are only allowed to authenticate if any role is assigned to their account."
     },
@@ -1175,9 +1175,9 @@
       "OVERVIEWSECTION": "Overview",
       "OVERVIEWTITLE": "You are now done. Review your configuration.",
       "ACCESSTOKENROLEASSERTION": "Add user roles to the access token",
-      "ACCESSTOKENROLEASSERTION_DESCRIPTION": "If selected, the roles of the authenticated user are added to the access token.",
+      "ACCESSTOKENROLEASSERTION_DESCRIPTION": "If selected, the requested roles of the authenticated user are added to the access token.",
       "IDTOKENROLEASSERTION": "User roles inside ID Token",
-      "IDTOKENROLEASSERTION_DESCRIPTION": "If selected, the roles of the authenticated user are added to the ID token.",
+      "IDTOKENROLEASSERTION_DESCRIPTION": "If selected, the requested roles of the authenticated user are added to the ID token.",
       "IDTOKENUSERINFOASSERTION": "User Info inside ID Token",
       "IDTOKENUSERINFOASSERTION_DESCRIPTION": "Enables clients to retrieve profile, email, phone and address claims from ID token.",
       "CLOCKSKEW": "Enables clients to handle clock skew of OP and client. The duration (0-5s) will be added to exp claim and subtracted from iats, auth_time and nbf.",

diff --git a/internal/project/repository/eventsourcing/model/api_config.go b/internal/project/repository/eventsourcing/model/api_config.go
@@ -73,7 +73,7 @@ func (p *Project) appendChangeAPIConfigEvent(event *es_models.Event) error {
 	}
 
 	if i, a := GetApplication(p.Applications, config.AppID); a != nil {
-		if p.Applications[i].OIDCConfig == nil {
+		if p.Applications[i].APIConfig == nil {
 			return errors.ThrowInvalidArgument(nil, "MODEL-ADbsd", "api config is nil")
 		}
 		return p.Applications[i].APIConfig.setData(event)