appsembler / tahoe-idp

A package of tools and features for integrating Tahoe with Auth0
MIT License

feature: Set `UserOrganizationMapping.is_amc_admin` via `TahoeAuth0OAuth2` #13

Closed OmarIthawi closed 2 years ago

OmarIthawi commented 2 years ago

Current method: app_metadata

Registration / Invitation

When registering a new user, add the following app_metadata:

Admins: {"organization": "org_xyz123", "role": "administrator"}

Learners: {"organization": "org_xyz123", "role": "learner"}

OAuth 2.0 backend login

If the role equals `administrator`, then add the UserOrganizationMapping with `is_admin=True`:

https://github.com/appsembler/tahoe-auth0/blob/f8ae20bbbae640c0b9c4a55bacf06ba2bbab4ff0/tahoe_auth0/backend.py#L93-L111

Old method: OrganizationAdmin

The old proposal was:

TahoeAuth0OAuth2 backend should tell if this user has the OrganizationAdmin Auth0 Role as described in the Known TahoeAuth0OAuth2 customizations section of the Open edX with Auth0 (OAuth 2.0 proposal) doc.

The tahoe_auth0/backend.py should add something like the following code:

user_details['auth0_organization_admin'] = 'OrganizationAdmin' in auth0_api.get_roles()

Then Open edX should use the information to add proper UserOrganizationMapping with is_amc_admin = True in the Auth pipeline.

OmarIthawi commented 2 years ago

Closed by #22
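The role mapping described in the issue, as an added example that is not tahoe-auth0 code: it derives the admin flag from `app_metadata` and fails closed on anything unexpected. The function name, the exception class, the `expected_organization` parameter and the organization-id pattern are assumptions; only the two metadata keys and the two role values come from the issue.

```python
import re

# Hypothetical names throughout. Only the keys "organization" and "role" and the
# values "administrator" / "learner" are taken from the issue text.
ORG_ID_RE = re.compile(r"org_[A-Za-z0-9]+")  # assumed shape, based on "org_xyz123"
KNOWN_ROLES = {"administrator", "learner"}


class InvalidAppMetadata(ValueError):
    """app_metadata cannot be trusted for an authorization decision."""


def mapping_from_app_metadata(app_metadata, expected_organization):
    """Return the fields for a user/organization mapping, or raise.

    expected_organization is the organization id the current site is bound to
    (an assumption of this sketch); a mismatch never grants membership.
    """
    if not isinstance(app_metadata, dict):
        raise InvalidAppMetadata("app_metadata missing or not an object")
    organization = app_metadata.get("organization")
    role = app_metadata.get("role")
    if not isinstance(organization, str) or not ORG_ID_RE.fullmatch(organization):
        raise InvalidAppMetadata("organization missing or malformed")
    if organization != expected_organization:
        raise InvalidAppMetadata("organization does not match this site")
    # Exact, case-sensitive match on a string: "Administrator" or
    # ["administrator"] is rejected instead of being silently mapped to a role.
    if not isinstance(role, str) or role not in KNOWN_ROLES:
        raise InvalidAppMetadata("unknown role")
    return {"organization": organization, "is_admin": role == "administrator"}


if __name__ == "__main__":
    # Constructed sample inputs.
    samples = [
        {"organization": "org_xyz123", "role": "administrator"},
        {"organization": "org_xyz123", "role": "learner"},
        {"organization": "org_other999", "role": "administrator"},
        {"organization": "org_xyz123", "role": "Administrator"},
        {"organization": "org_xyz123"},
    ]
    for sample in samples:
        try:
            print(sample, "->", mapping_from_app_metadata(sample, "org_xyz123"))
        except InvalidAppMetadata as exc:
            print(sample, "-> rejected:", exc)
```
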