search

canonical / identity-platform-admin-ui

Admin UI for the Canonical identity broker and identity provider solution
Other
5 stars 4 forks source link

Incosistent List API behavior #336

Open nsklikas opened 1 week ago

nsklikas commented 1 week ago

The list APIs for kratos, oathkeeper and hydra resources (idps, schemas, clients, etc) list all available resources, as long as the user is logged in.

That is the intended behavior for openfga resources (roles, groups) as well, but that's not the case. It is easy to reproduce this by running the skaffold setup, creating a group and then calling the groups api unauthenticated. You will get only the global group back, eg image

I think that the reason for this is that we use the openfga list API to list the roles and groups, which does not take into account the * relation.

syncronize-issues-to-jira[bot] commented 1 week ago

Thank you for reporting us your feedback!

The internal ticket has been created: https://warthogs.atlassian.net/browse/IAM-932.

This message was autogenerated