@flaat.requires(
get_claim_requirement( # the user needs to satisfy this requirement (having one of the email claims)
["hardt@kit.edu", "dev@foo.org"],
claim="email",
match=1,
),
)
plus having this claim in my userinfo:
"email": "hardt@kit.edu",
Still gives me:
marcus@nemo 0 ~/projects/flaat master|✚2…2 $ http localhost:8080/authorized_claim "Authorization: Bearer `oidc-token egi`"
HTTP/1.1 403 Forbidden
Content-Length: 416
Content-Type: application/json; charset=utf-8
Date: Fri, 25 Feb 2022 14:46:23 GMT
Server: Python/3.9 aiohttp/3.8.1
{
"error": "Forbidden",
"error_description": "User d7a53cbe3e966c53ac64fde7355956560282158ecac8f3d2c770b474862f4756@egi.eu@https://aai.egi.eu/oidc/ does not meet requirements",
"error_details": {
"check": "OneOf: No sub-requirements are satisfied",
"check_details": [
"User has no claim 'email' with value: 'hardt@kit.edu' // 'hardt@kit.edu'",
"User has no claim 'email' with value: 'dev@foo.org' // 'hardt@kit.edu'"
]
}
}
the values after // are the actual claim value; added as a debug output to the code ...
Using AIO, and setting this claim:
plus having this claim in my userinfo:
Still gives me:
the values after
//
are the actual claim value; added as a debug output to the code ...