hwi / HWIOAuthBundle

OAuth client integration for Symfony. Supports both OAuth1.0a and OAuth2.
MIT License
2.26k stars 794 forks

Support for groups and roles #2009

Open hyperman3 opened 2 months ago

hyperman3 commented 2 months ago
Q A
Bug? no
New Feature? yes
Support question? no
Version 2.x

Actual Behavior

Systems like Keycloak allow you to specify custom claims for users. These can appear in any of the tokens.

Some examples:

It would be useful if HWIOAuthBundle could pass the token data to the User object, and provide a means to map roles.

Possible Solutions

The class OAuthUserProvider/EntityUserProvider receives the UserResponseInterface, which contains the claims in the (serializable) getData(). Passing that data to the OAuthUser and giving it a getData() function solves half of the problem.

The second half is harder: Adding roles to getRoles() based on the contents of getData(). I chose the quick and dirty way, adding a groups array to getData() and claiming that groups and roles are identical. This works, but a more general implementation would allow config-based mapping, maybe reusing the 'paths' mechanism of PathUserResponse.

There is also loadUserByIdentifier and refreshUser that can't be easily implemented. It seems unused in my application, but I don't know enough about HWIOAuthBundle to know if there is a better way.
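An added illustration of the config-based mapping suggested in this issue, not code from the issue author or from HWIOAuthBundle: the `ClaimRoleMapper` class, its dot-separated path syntax and the sample claims are hypothetical, and the input is assumed to be the array returned by `getData()`. Claim values become roles only through an explicit allowlist, so a group name sent by the identity provider is never used as a Symfony role directly.

```php
<?php
declare(strict_types=1);

/**
 * Hypothetical helper (not part of HWIOAuthBundle): turns the claims array
 * from getData() into Symfony roles through an explicit allowlist.
 */
final class ClaimRoleMapper
{
    /**
     * @param string[]              $paths dot-separated claim paths holding group/role names
     * @param array<string, string> $map   claim value => Symfony role; unlisted values are dropped
     */
    public function __construct(private array $paths, private array $map)
    {
    }

    /** @return string[] */
    public function rolesFor(array $claims): array
    {
        $roles = ['ROLE_USER'];
        foreach ($this->paths as $path) {
            foreach ($this->valuesAt($claims, $path) as $value) {
                // Only allowlisted string values are translated into roles.
                if (is_string($value) && isset($this->map[$value])) {
                    $roles[] = $this->map[$value];
                }
            }
        }
        return array_values(array_unique($roles));
    }

    private function valuesAt(array $claims, string $path): array
    {
        $node = $claims;
        foreach (explode('.', $path) as $key) {
            if (!is_array($node) || !array_key_exists($key, $node)) {
                return []; // claim absent or malformed: contributes no roles
            }
            $node = $node[$key];
        }
        return is_array($node) ? $node : [$node];
    }
}

// Constructed sample claims; 'ROLE_SUPER_ADMIN' is sent as a group name and must not become a role.
$claims = ['sub' => 'f3a1', 'groups' => ['/staff', 'ROLE_SUPER_ADMIN'], 'realm_access' => ['roles' => ['editor']]];
$mapper = new ClaimRoleMapper(['groups', 'realm_access.roles'], ['/staff' => 'ROLE_STAFF', 'editor' => 'ROLE_EDITOR']);
print_r($mapper->rolesFor($claims));
```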

github-actions[bot] commented 3 days ago

Message to comment on stale issues. If none provided, will not mark issues stale