nexiles / keycloak-client-role-attribute-mapper

A keycloak client role attribute mapper implementation
Apache License 2.0

Cache is being shared between mappers #12

Open alefcarlos opened 3 weeks ago

alefcarlos commented 3 weeks ago

Hey! Thanks for this package, but I found an issue (idk if this is expected).

If we create multiple mappers, the claims values are reused, but it works if you have ONLY ONE mapper:

https://github.com/nexiles/keycloak-client-role-attribute-mapper/blob/32dab7c2810d54a8dbac27e148e8ea7d7bed6113/src/main/java/com/nexiles/keycloak/UserClientRoleAttributeMappingMapper.java#L294

To solve this, for now, I'm adding the mapping model id to the cache key:

```java
final String resolvedClientRolesAttributesAttrName = RESOLVED_CLIENT_ROLES_ATTRIBUTES_ATTR + ":" + mappingModelId + ":" + clientSessionCtx.getClientSession().getUserSession().getId();
```

And now all the generated claims have the expected values ;)

Do you accept a PR?

And one thing to think about: should this information be cached?
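
The collision described above, as an added example that is not part of the original post or the project's code: two mappers evaluated in the same user session share one cache entry when the key carries no mapper id, so the second claim receives the first mapper's value. The map-based cache, the shape of the key before the workaround, and the mapper, attribute and claim names are assumptions made for the illustration.

```java
import java.util.HashMap;
import java.util.LinkedHashMap;
import java.util.Map;
import java.util.function.BiFunction;

public class MapperCacheKeyDemo {
    // Placeholder for the constant named RESOLVED_CLIENT_ROLES_ATTRIBUTES_ATTR in the issue.
    static final String PREFIX = "RESOLVED_CLIENT_ROLES_ATTRIBUTES_ATTR";

    // Assumed shape of the key before the workaround: nothing identifies the mapper.
    static String sharedKey(String mapperId, String userSessionId) {
        return PREFIX + ":" + userSessionId;
    }

    // Key from the workaround quoted in the issue: mapper id plus user session id.
    static String perMapperKey(String mapperId, String userSessionId) {
        return PREFIX + ":" + mapperId + ":" + userSessionId;
    }

    // Runs two mappers in one user session against a fresh cache and returns claim -> value.
    static Map<String, String> buildClaims(BiFunction<String, String, String> keyFn) {
        Map<String, String> cache = new HashMap<>();   // stand-in for the mapper's cache
        String sessionId = "session-1";                // constructed sample value
        String[][] mappers = {                         // {mapper id, role attribute, claim name}
            {"mapper-a", "department", "dept"},
            {"mapper-b", "cost-center", "cc"},
        };
        Map<String, String> claims = new LinkedHashMap<>();
        for (String[] m : mappers) {
            // A cache hit returns whatever an earlier mapper stored under the same key.
            String value = cache.computeIfAbsent(keyFn.apply(m[0], sessionId),
                    k -> "resolved(" + m[1] + ")");
            claims.put(m[2], value);
        }
        return claims;
    }

    public static void main(String[] args) {
        System.out.println("shared key:     " + buildClaims(MapperCacheKeyDemo::sharedKey));
        System.out.println("per-mapper key: " + buildClaims(MapperCacheKeyDemo::perMapperKey));
    }
}
```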

s-frei commented 1 week ago

Hi there,

sorry for answering so late, too many notifications 😉

Well, I guess the behaviour you described should not happen. Seems like at the time of writing this I only tested this manually using one mapper and there are no other tests...

This was, at the time of writing, more or less for a POC and I am currently into other things, but for sure I'll accept PRs, so if others stumble upon this, they don't need to fix it themselves.

Can't remember why I decided to cache the claims, but this also depends on how often the token is refreshed. Maybe this could be disabled by configuration forwarding the decision to the person using it.