openanalytics / containerproxy

Manage HTTP proxy routes into Docker containers
Apache License 2.0

Support For When Single Role is a String from OIDC Token #75

Open k----n opened 1 year ago

k----n commented 1 year ago

We are using an OIDC authentication provider that is a non-array string with a single role.

Is this something that the project would be open to having as a change?

Happy to submit a PR that will modify the following:

  1. The function below https://github.com/openanalytics/containerproxy/blob/5f0fa2d98d0e0014a1190f85755634a4845ee834/src/main/java/eu/openanalytics/containerproxy/auth/impl/OpenIDAuthenticationBackend.java#L238-L275

  2. The tests below https://github.com/openanalytics/containerproxy/blob/5f0fa2d98d0e0014a1190f85755634a4845ee834/src/test/java/eu/openanalytics/containerproxy/test/unit/TestOpenIdParseClaimRoles.java

LEDfan commented 1 year ago

Hi

I'm not sure if it would be a good idea to add this. The parsing code is already relatively complex (e.g. to support non-standard JSON). Although the change would be quite easy indeed.

Nevertheless, in the meantime you can use the access-expression feature instead: https://shinyproxy.io/documentation/spel/#access-expression

For example:

access-expression: "#{oidcUser.attributes.test_role == 'my_value'}"

I'll keep this issue open as a feature request so that we can consider it for the next release.
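
The change requested in this issue, sketched as an added example; it is not part of the thread and not ContainerProxy's parser. The class `RolesClaimExample` and the helpers `normalizeRoles` and `addRole` are hypothetical names, the claim values in `main` are constructed, and the array-in-a-string handling is a simplified stand-in for the non-standard JSON support mentioned above.

```java
import java.util.ArrayList;
import java.util.Collection;
import java.util.List;

public class RolesClaimExample {

    // Hypothetical helper: turns whatever the IdP put in the roles claim into a list of roles.
    static List<String> normalizeRoles(Object claimValue) {
        List<String> roles = new ArrayList<>();
        if (claimValue instanceof Collection<?>) {
            // Standard case: the claim is a JSON array.
            for (Object o : (Collection<?>) claimValue) {
                addRole(roles, o);
            }
        } else if (claimValue instanceof String) {
            String s = ((String) claimValue).trim();
            if (s.startsWith("[") && s.endsWith("]")) {
                // Array serialized as a string, quoted or not: ["a","b"] or [a, b].
                // Simplification: role names that contain commas are not supported.
                for (String part : s.substring(1, s.length() - 1).split(",")) {
                    addRole(roles, part.trim().replaceAll("^[\"']|[\"']$", ""));
                }
            } else {
                // The case from this issue: the whole string is exactly one role.
                // It is never split on commas or spaces, so one claim value cannot
                // expand into several roles.
                addRole(roles, s);
            }
        }
        // null, numbers, maps and other types fall through: fail closed with no roles.
        return roles;
    }

    // Adds a candidate only if it is a non-blank string; anything else is ignored.
    private static void addRole(List<String> roles, Object candidate) {
        if (candidate instanceof String && !((String) candidate).trim().isEmpty()) {
            roles.add(((String) candidate).trim());
        }
    }

    public static void main(String[] args) {
        // Constructed claim values covering each branch.
        System.out.println(normalizeRoles(List.of("admin", "viewer")));
        System.out.println(normalizeRoles("[\"admin\", \"viewer\"]"));
        System.out.println(normalizeRoles("admin"));
        System.out.println(normalizeRoles("admin,viewer"));
        System.out.println(normalizeRoles(42));
    }
}
```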