When the function specified in `settings.LOAD_USER_ROLES` is called, it is given a list of roles as a parameter.
However, this list only features the user's realm roles and does not have any client-specific role information.
Inspecting the returned token, we can see that this information is present. Therefore, it would be useful if it would be presented to the Django hook function.
Implementation could be something like:
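```python
# bossoidc/backend.py, around line 117
# Client id taken from the audience claim (assumes "aud" is a single string)
client_id = jwt["aud"]
# "resource_access" may be absent when the token carries no client roles
client_roles = jwt.get("resource_access", {}).get(client_id, {}).get("roles", [])
roles.extend(client_roles)
```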
I am willing to add a PR with this change, if you'd be favorable to this addition.
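
An added example, not part of the original post and not bossoidc's own code: a stand-alone version of the role extraction proposed above that tolerates a list-valued `aud` and missing claims, and reads client roles for one configured client only. The `realm_access` claim layout is assumed to be Keycloak-style; `collect_roles`, `client_prefix` and the sample payload are hypothetical.

```python
def _as_str_list(value):
    """Return value as a list of strings; a bare string becomes one item."""
    if isinstance(value, str):
        return [value]
    if isinstance(value, (list, tuple)):
        return [v for v in value if isinstance(v, str)]
    return []


def _roles_of(section):
    """Read the 'roles' list from a realm_access / resource_access entry."""
    return _as_str_list(section.get("roles")) if isinstance(section, dict) else []


def collect_roles(claims, client_id, client_prefix=""):
    """Realm roles plus the roles granted for client_id only.

    client_id is the application's own configured client id (assumption);
    client roles are added only if the token's audience includes it.
    """
    roles = _roles_of(claims.get("realm_access"))
    if client_id not in _as_str_list(claims.get("aud")):
        return roles  # token not issued for this client: realm roles only
    resource_access = claims.get("resource_access")
    if isinstance(resource_access, dict):
        for role in _roles_of(resource_access.get(client_id)):
            name = client_prefix + role
            if name not in roles:
                roles.append(name)
    return roles


# Constructed sample payload (not a real token).
SAMPLE_CLAIMS = {
    "aud": ["boss-app", "account"],
    "realm_access": {"roles": ["user"]},
    "resource_access": {
        "boss-app": {"roles": ["editor", "user"]},
        "other-app": {"roles": ["admin"]},
    },
}

if __name__ == "__main__":
    print(collect_roles(SAMPLE_CLAIMS, "boss-app"))
    print(collect_roles(SAMPLE_CLAIMS, "boss-app", client_prefix="boss-app:"))
```

Passing a non-empty `client_prefix` keeps a client role distinguishable from a realm role of the same name once both end up in one list.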