PhilanthropyDataCommons / service

A project for collecting and serving public information associated with grant applications
GNU Affero General Public License v3.0

Add a "pdc-admin" group to keycloak + instructions for setup in README #907

Closed slifty closed 6 months ago

bickelj commented 6 months ago

I added the pdc-admin group to both test and prod. I also added @slifty to the group, so @slifty your JWT should reflect that somehow.

slifty commented 6 months ago

@bickelj hmm, it looks like we actually need to add a role for this as well in order for it to show up in the JWT!

bickelj commented 6 months ago

@slifty Corrected and additional PR #919 added!

slifty commented 6 months ago

Woohoo! And with that I think this issue can be closed!

bickelj commented 6 months ago

@slifty @reefdog I think there might be a loose end here that I can tie off. Shouldn't members of pdc-admin gain access to the Keycloak interface to manage users in the PDC realm as well, e.g. via https://auth.philanthropydatacommons.org/admin/pdc/console?

slifty commented 6 months ago

@bickelj Hmmm, my .02 is I don't think it's directly related to the PDC administration intention of the group / it makes more sense to decouple that admin role from pdc-admin. We might want to grant a user read / write access to PDC without giving them auth admin access.

Either way: what do you think about opening a new issue to explore that question? The issue's title is just "add the group and instructions" which is complete.

(In general I think it's best practice to create new issues that are more narrowly scoped to the new improvement (or bug) that's been identified with a reference to the original issue. The initial issue was completed and closed so 99% of the initial scope is wrapped up!)

bickelj commented 6 months ago

@slifty Sure, I can open a new issue for this.