Open joshlong opened 2 months ago
Does the GrantedAuthoritiesMapper work in the resource server as well?

I want the information about the scopes to be available to all nodes. Do I need to register the same GrantedAuthoritiesMapper in both places? This feels like a duplication of effort. I need the ROLEs from the local DB for all my decisions about which parts of the system to show and not show. So while it's fine to write them in the gateway, I need to read and act on them in the service.

The trouble would be that the OAuth token doesn't have much besides the scopes.

If we're in the OAuth client (our Gateway) then we could configure a GrantedAuthoritiesMapper to map the scopes to authorities. Well, it turns out, this is also a really great time to do things like writing the record to a local SQL DB or enriching the OAuth principal with local information about the user (such as whatever scheme of users and authorities we cook up). For more on this, see this example: https://github.com/joshlong-attic/spring-security-oauth-scopes-to-local-granted-authorities

The question then is: does this all belong in the gateway?
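An added example (my own code, not the issue author's and not the linked repository's) showing the two hooks Spring Security offers for this enrichment. On the OAuth2 client side (the gateway) the hook is GrantedAuthoritiesMapper, invoked once per login after the user info is fetched. A JWT resource server does not consult a GrantedAuthoritiesMapper at all; its equivalent hook is the JwtAuthenticationConverter passed to oauth2ResourceServer().jwt(). The example puts the local-DB lookup in one shared component so both sides reuse it instead of reimplementing it. Assumptions: Spring Boot 3 / Spring Security 6, a JdbcTemplate, and a hypothetical user_role(subject, role) table; the two beans are shown in one file for comparison but would live in the gateway and the service respectively.

```java
// Added example, not the issue author's or the linked repo's code.
// Assumes Spring Boot 3 / Spring Security 6 and a hypothetical table
// user_role(subject, role) in the local SQL DB.
import java.util.Collection;
import java.util.HashSet;
import java.util.List;
import java.util.Set;

import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration;
import org.springframework.core.convert.converter.Converter;
import org.springframework.jdbc.core.JdbcTemplate;
import org.springframework.security.authentication.AbstractAuthenticationToken;
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
import org.springframework.security.core.GrantedAuthority;
import org.springframework.security.core.authority.SimpleGrantedAuthority;
import org.springframework.security.core.authority.mapping.GrantedAuthoritiesMapper;
import org.springframework.security.oauth2.core.oidc.user.OidcUserAuthority;
import org.springframework.security.oauth2.core.user.OAuth2UserAuthority;
import org.springframework.security.oauth2.jwt.Jwt;
import org.springframework.security.oauth2.server.resource.authentication.JwtAuthenticationToken;
import org.springframework.security.oauth2.server.resource.authentication.JwtGrantedAuthoritiesConverter;
import org.springframework.security.web.SecurityFilterChain;
import org.springframework.stereotype.Component;

/** Shared lookup: the local ROLE_* authorities for a token subject (used by both hooks). */
@Component
class LocalRoles {
    private final JdbcTemplate jdbc;
    LocalRoles(JdbcTemplate jdbc) { this.jdbc = jdbc; }

    Set<GrantedAuthority> forSubject(String subject) {
        // Hypothetical schema. Key on the stable "sub" claim, never on a display name or email.
        List<String> roles = jdbc.queryForList(
            "select role from user_role where subject = ?", String.class, subject);
        Set<GrantedAuthority> out = new HashSet<>();
        for (String r : roles) out.add(new SimpleGrantedAuthority("ROLE_" + r));
        return out;
    }
}

@Configuration
class AuthorityEnrichment {

    /** Gateway (OAuth2 client / login): runs once per login; keeps the SCOPE_* authorities
     *  Spring already derived from the token and adds the local ROLE_* ones. */
    @Bean
    GrantedAuthoritiesMapper userAuthoritiesMapper(LocalRoles roles) {
        return authorities -> {
            Set<GrantedAuthority> mapped = new HashSet<>(authorities);
            for (GrantedAuthority a : authorities) {
                String subject = null;
                if (a instanceof OidcUserAuthority oidc) {
                    subject = oidc.getIdToken().getSubject();
                } else if (a instanceof OAuth2UserAuthority oauth2) {
                    Object sub = oauth2.getAttributes().get("sub");
                    subject = sub == null ? null : sub.toString();
                }
                if (subject != null) mapped.addAll(roles.forSubject(subject));
            }
            return mapped;
        };
    }

    /** Resource server (JWT): there is no GrantedAuthoritiesMapper on this side; the hook
     *  is the JwtAuthenticationConverter, which reuses the same lookup. */
    @Bean
    SecurityFilterChain resourceServerChain(HttpSecurity http, LocalRoles roles) throws Exception {
        // Default converter turns the "scope"/"scp" claim into SCOPE_* authorities.
        JwtGrantedAuthoritiesConverter scopes = new JwtGrantedAuthoritiesConverter();
        Converter<Jwt, AbstractAuthenticationToken> converter = jwt -> {
            Collection<GrantedAuthority> authorities = new HashSet<>(scopes.convert(jwt));
            authorities.addAll(roles.forSubject(jwt.getSubject()));
            return new JwtAuthenticationToken(jwt, authorities);
        };
        http.authorizeHttpRequests(a -> a
                .requestMatchers("/admin/**").hasRole("ADMIN")  // decided on a local ROLE, not a scope
                .anyRequest().authenticated())
            .oauth2ResourceServer(rs -> rs.jwt(jwt -> jwt.jwtAuthenticationConverter(converter)));
        return http.build();
    }
}
```

One caveat worth keeping in mind when deciding where this belongs: the scopes in the access token describe what the client was delegated, not who the user is, so ROLE decisions should be keyed on the sub claim as above. And because the resource server validates the token on its own, whatever the gateway computed in its mapper is not carried inside the token; the service either repeats the lookup (as here, sharing the code rather than duplicating it) or trusts a claim that the authorization server itself puts in the token.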