Closed qq1176914912 closed 2 months ago
Hello,
Normally, the inclusion of groups in the access token is unnecessary. The roles contained within the access token represent the permissions that the authenticated user has to execute actions against the client. Therefore, the authorization policies established by your web application should operate based on the client's permissions rather than the groups.
Currently, it is not feasible to include groups in the access token. If you require this functionality, we can consider supporting it for the upcoming release 5.0.0.
Best regards,
SID
Thanks for your reply. Besides getting the role group in the access token, is there any other way to find out which group the user's role comes from?
As I mentioned in my previous message, currently, it is not feasible to include groups in the access token. If you require this functionality, we can consider supporting it for the upcoming release 5.0.0.
I know what you mean. What I mean is: apart from having groups in the access token, is there at this point another way to get the group that the current user's role belongs to (outside of the access token), such as an interface to query?
Apologies for my misunderstanding. You can retrieve the groups assigned to a user by executing the following HTTP query:
Groups are available in the 'groups' property.
METHOD: GET
TARGET: https://openid.simpleidserver.com/master/users/<ID>
Swagger endpoint: https://openid.simpleidserver.com/master/swagger/index.html
Thank you for your reply. I think it is still necessary to display "group" in the token. At present, the only role of "group" is to give the user a role, acting as middleware. If "group" were also supported in the token, it could play a real role.
I created a group called admin in "Group" and added roles to it:
And assigned this component to the user:
The client also assigns "Scope" for "role":
And "Include in access token" is enabled for role:
When I access and retrieve the token content, analyzing the token yields the following:
The token key I defined in "roleScopeMappingTokenClaimName" is role; as can be seen, it is named "the client name/role name", but I didn't see the "group". I want to know which group the role belongs to. Do I need to get groups separately, or do I need to change the role structure to "Groups/clients/Roles"?