The list APIs for kratos, oathkeeper and hydra resources (`idps`, `schemas`, `clients`, etc.) list all available resources, as long as the user is logged in.
That is the intended behavior for openfga resources (`roles`, `groups`) as well, but that's not the case. It is easy to reproduce this by running the skaffold setup, creating a group and then calling the groups API unauthenticated. You will get only the `global` group back, e.g.:
![image](https://github.com/canonical/identity-platform-admin-ui/assets/19745916/cafe0373-12b9-4b87-bb33-061040d3b994)
I think that the reason for this is that we use the openfga list API to list the roles and groups, which does not take into account the `*` relation.