search

microsoft / spring-cloud-azure

Spring Cloud Azure is an open-source project that provides seamless Spring integration with Azure services.
https://microsoft.github.io/spring-cloud-azure
MIT License
217 stars 105 forks source link

[FEATURE REQ] Allow users to define the claimToAuthorityPrefix when application_type is web_application or web_application_and_resource_server #1052

Closed fxpaquette closed 1 year ago

fxpaquette commented 1 year ago

Is your feature request related to a problem? Please describe. When application_type is resourceserver, users can define a custom claimToAuthorityPrefix (defaults to "APPROLE") with the property spring.cloud.azure.active-directory.resource-server.claim-to-authority-prefix-map.roles. However, for web_application the prefix is hardcoded inside the AadOAuth2UserService.extractRolesFromIdToken method.

AadOAuth2UserService.java

Set<String> extractRolesFromIdToken(OidcIdToken idToken) {
        return Optional.ofNullable(idToken)
                       .map(token -> (Collection<?>) token.getClaim(ROLES))
                       .filter(obj -> obj instanceof List<?>)
                       .map(Collection::stream)
                       .orElseGet(Stream::empty)
                       .filter(s -> StringUtils.hasText(s.toString()))
                       .map(role -> AuthorityPrefix.APP_ROLE + role)
                       .collect(Collectors.toSet());
    }

Describe the solution you'd like Let users define the claimToAuthorityPrefix when application_type is web_application or web_application_and_resource_server by adding a similar property as spring.cloud.azure.active-directory.resource-server.claim-to-authority-prefix-map.roles and using this property in the above method.

Describe alternatives you've considered For now, I think the alternative is to create an OAuth2UserService bean by extending the AadOAuth2UserService class and overriding the extractRolesFromIdToken method.

Additional context I am using spring-cloud-azure-starter-active-directory 6.0.0-beta.3

Information Checklist

hui1110 commented 1 year ago

Hi, @fxpaquette thanks for reaching out, our repo has to be migrated to azure-sdk-for-java, so I copied the current issue to that repo, let's use that issue to track.

hui1110 commented 1 year ago

Closing this, redirect to https://github.com/Azure/azure-sdk-for-java/issues/33560.