dsferruzza / actix-web-middleware-keycloak-auth

A middleware for Actix Web that handles authentication with a JWT emitted by Keycloak
MIT License

Groups #12

Open simon-an opened 2 years ago

simon-an commented 2 years ago

Hey there,

thanks for providing this awesome crate. 👍

Are there any plans to support groups?

BR Simon

dsferruzza commented 2 years ago

Hi!

To my knowledge there is no standard JWT claim that contains the list of groups a user is in. If you want this in your JWT, you have to create a Group Membership mapper in Keycloak and it could have any claim name you want. This is why my lib does not do this out of the box.

But the good news is: it is quite simple to do! Once you have configured Keycloak to include groups in JWTs (create a Client Scope with a Group Membership mapper and use this scope in a Client), you just need to define a Deserialize struct with any claim you want (see this example) and use it in your handler's extractor.

Let me know if something does not make sense to you or if I missed something!
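
The following is an added example, not part of the thread and not code from the crate: a claims struct carrying the groups claim and a fail-closed membership check to call from a handler after the middleware has validated the token. The claim name `groups`, the names `GroupClaims`, `Match` and `in_group`, and full group paths such as `/ops/admins` in the claim are assumptions.

```rust
// Added example, not code from the crate. In a real service this struct would
// also derive serde's `Deserialize`; the derive is omitted here so the block
// compiles with the standard library alone.
pub struct GroupClaims {
    pub sub: String,
    // Assumed claim name "groups". Option: a token issued without the client
    // scope carries no such claim.
    pub groups: Option<Vec<String>>,
}

/// How a required group is compared with the group paths in the token.
#[derive(Clone, Copy)]
pub enum Match {
    /// The token must list exactly this path.
    Exact,
    /// The token may list this path or any subgroup below it (a policy assumption).
    Subtree,
}

/// True when `claims` grants membership of `required`, a full path such as "/ops/admins".
pub fn in_group(claims: &GroupClaims, required: &str, mode: Match) -> bool {
    let required = required.trim_end_matches('/');
    if required.is_empty() {
        return false; // never let "" or "/" match every group
    }
    let groups = match &claims.groups {
        Some(g) => g,
        None => return false, // missing claim means no groups: fail closed
    };
    groups.iter().any(|g| match mode {
        Match::Exact => g == required,
        // Compare on a path-segment boundary so "/dev" does not match "/dev-readonly".
        Match::Subtree => {
            g == required
                || g.strip_prefix(required).map_or(false, |rest| rest.starts_with('/'))
        }
    })
}

fn main() {
    // Constructed sample claims, as they would look after deserialization.
    let claims = GroupClaims {
        sub: "constructed-user-id".into(),
        groups: Some(vec!["/ops/admins".into(), "/dev-readonly".into()]),
    };
    println!("in /ops subtree: {}", in_group(&claims, "/ops", Match::Subtree));
    println!("in /dev subtree: {}", in_group(&claims, "/dev", Match::Subtree));
}
```
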