@WithOidcLogin using json file similarly as @WithJwt #211
Comments
What is your use case for needing to configure more than authorities on an OAuth2 client? Configuring an

How about adding an example of usage of the annotation as javadocs, for example:

```java
@WithOidcLogin(
    authorities = {"ROLE_ADMINISTRATOR"},
    claims = @OpenIdClaims(
        otherClaims = @Claims(
            stringClaims = @StringClaim(name = "preferred_username", value = "admin"),
            stringArrayClaims = @StringArrayClaim(name = "group", value = {"Administrator"}))))
@Test
void testAdminUserAuthenticated() {
    ...
}
```

Sure, adding Javadoc is possible, but this does not answer my question...

Sorry for not answering before. The authorities are initially mapped from groups that the user belongs to. The user can be in multiple groups at the same time but only one group can be active at a time. If the user has multiple groups assigned I need to redirect him to a group section page where a given group will be activated and a new token will be generated with a special activeGroup claim provided. Any suggestion on how to handle such a use case?

Here is the draft for the Javadoc:

Populates the test security context with an `OAuth2AuthenticationToken` instance with a `DefaultOidcUser` as principal. Only the annotation properties are used to build the authentication instance. Neither `OAuth2UserService` nor `GrantedAuthoritiesMapper` are called.

Usage to define just authorities:

```java
@WithOidcLogin({"BIDULE", "CHOSE"})
```

Advanced usage to set any claims, including private ones:

```java
@WithOidcLogin(
    authorities = {"NICE"},
    nameAttributeKey = StandardClaimNames.PREFERRED_USERNAME,
    claims = @OpenIdClaims(
        preferredUsername = "tonton-pirate",
        email = "[email protected]",
        otherClaims = @Claims(
            stringClaims = { @StringClaim(name = "machin", value = "truc") })))
```

Why that? If a user is a member of several groups, requesting him to manually switch between profiles to be able to do something he is allowed to seems a pretty bad user experience...

This means logout and then login (again, pretty bad UX). Also, issuing tokens is the job of the authorization server, when keeping the information about this

Looks good to me. I would probably add a few other Perhaps add the test method after the annotation to show where it should be used.

```java
@WithOidcLogin(
    authorities = {"NICE"},
    nameAttributeKey = StandardClaimNames.PREFERRED_USERNAME,
    claims = @OpenIdClaims(
        preferredUsername = "tonton-pirate",
        email = "[email protected]",
        otherClaims = @Claims(
            stringClaims = { @StringClaim(name = "machin", value = "truc") },
            stringArrayClaims = @StringArrayClaim(name = "myCustomStringArrayClaim", value = {"Administrator"}))))
@Test
void test() {
    ...
}
```

There are way too many properties to demo it all. Also, the IDE auto completion is there too... Released what was drafted with

I would like to use `@WithOidcLogin` in the same manner as `@WithJwt` as I feel it is more intuitive in certain use cases.

As this approach currently doesn't exist, is there an example of how to customize `@WithOidcLogin`? Maybe a Javadoc with an example of usage could be added to the interface following the approach taken in `WithJwt`. I feel it would facilitate for newcomers.

Thank you for such a great library!