Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Keycloak OIDC group permistions is broken. #1111

Closed
sambles opened this issue Sep 17, 2024 · 0 comments · Fixed by #1112
Closed

Keycloak OIDC group permistions is broken. #1111

sambles opened this issue Sep 17, 2024 · 0 comments · Fixed by #1112
Assignees
@sambles
Labels
bug production
Milestone
2.4.0

Comments

@sambles
Copy link
Contributor

sambles commented Sep 17, 2024

Issue Description

Something is wrong with the groups assignment linked to the objects created in the Django DB. I did a quick test and instead of the expected ['/user_org_1', '/user_org_2'] I'm seeing ['offline_access', 'default-roles-oasis', 'uma_authorization']

bug_groups_1

bug_groups_2
Screenshot from 2024-09-17 15-24-49

Testing script

import requests
import jwt #pip install pyjwt

keycloak_url = 'https://{DOMAIN}/auth/realms/oasis/protocol/openid-connect/token'
client_id = 'oasis-server'
client_secret = '{-from-values-file-}'
username = 'user_1'
password = 'pass'
grant_type = 'password'
headers = {'Content-Type': 'application/x-www-form-urlencoded'}

payload = {
    'client_id': client_id,
    'client_secret': client_secret,  # Omit this line if the client doesn't require a secret
    'grant_type': grant_type,
    'username': username,
    'password': password
}

response = requests.post(keycloak_url, data=payload, headers=headers)
token = response.json()['access_token']
decoded_token = jwt.decode(token, options={"verify_signature": False})
@sambles sambles self-assigned this Sep 17, 2024
@sambles sambles moved this to In Progress in Oasis Dev Team Tasks Sep 17, 2024
@sambles sambles mentioned this issue Sep 18, 2024
Merged
@sambles sambles linked a pull request Sep 19, 2024 that will close this issue
Fixed group mapper class in Keyclock realm config #1112
Merged
@sambles sambles closed this as completed Sep 19, 2024
@github-project-automation github-project-automation bot moved this from In Progress to Done in Oasis Dev Team Tasks Sep 19, 2024
@awsbuild awsbuild added this to the 2.3.8 milestone Sep 20, 2024
@awsbuild awsbuild modified the milestones: 2.3.8, 2.4.0 Feb 4, 2025
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees

@sambles sambles

Labels
bug production
Projects
Oasis Dev Team Tasks
Status: Done
Milestone
2.4.0
Development

Successfully merging a pull request may close this issue.

Fixed group mapper class in Keyclock realm config OasisLMF/OasisPlatform
2 participants
@sambles @awsbuild