spring-cloud / spring-cloud-common-security-config

A common security infrastructure used by Spring Cloud Data Flow and the projects in its ecosystem

Role mapping with jwt broken #77

Closed jvalkeal closed 4 years ago

jvalkeal commented 4 years ago

Currently CustomOAuth2OidcUserService gets confused if map-oauth-scopes is set to true. This is because with Azure the permission name is dataflow.create and the exposed API (aka scope) is api://dataflow-server/dataflow.create.

While CustomOAuth2OidcUserService would expect:

role-mappings:
  ROLE_CREATE: dataflow.create

And MappingJwtGrantedAuthoritiesConverter expects:

role-mappings:
  ROLE_CREATE: api://dataflow-server/dataflow.create

It all boils down to the JWT containing dataflow.create in the scp field, while the other parts doing the mapping will see api://dataflow-server/dataflow.create.
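As an added illustration, not code from spring-cloud-common-security-config, the following hypothetical mapper treats the bare permission name and the Azure `api://<resource>/` form as equivalent, so one role-mappings entry satisfies both expectations described above; the class, method names and sample values are constructed for this example.

```java
import java.util.*;
import java.util.stream.*;

// Hypothetical helper (not part of the project): resolves role mappings whether
// the scope is spelled as a bare permission name ("dataflow.create") or as an
// Azure exposed-API URI ("api://dataflow-server/dataflow.create").
public class ScopeRoleMapper {

    // Strip an "api://<resource>/" prefix so both spellings compare equal.
    static String normalize(String scope) {
        if (scope.startsWith("api://")) {
            int slash = scope.indexOf('/', "api://".length());
            if (slash >= 0) {
                return scope.substring(slash + 1);
            }
        }
        return scope;
    }

    // roleMappings: ROLE -> configured scope, in either form.
    // grantedScopes: the values of the token's "scp" claim.
    static Set<String> mapRoles(Map<String, String> roleMappings,
                                Collection<String> grantedScopes) {
        Set<String> normalizedGranted = grantedScopes.stream()
                .map(ScopeRoleMapper::normalize)
                .collect(Collectors.toSet());
        return roleMappings.entrySet().stream()
                .filter(e -> normalizedGranted.contains(normalize(e.getValue())))
                .map(Map.Entry::getKey)
                .collect(Collectors.toCollection(TreeSet::new));
    }

    public static void main(String[] args) {
        // Constructed mapping written in the URI form that
        // MappingJwtGrantedAuthoritiesConverter expects.
        Map<String, String> uriForm = Map.of(
                "ROLE_CREATE", "api://dataflow-server/dataflow.create");
        // Constructed mapping written in the bare form that
        // CustomOAuth2OidcUserService expects.
        Map<String, String> bareForm = Map.of("ROLE_CREATE", "dataflow.create");

        // Constructed scp claim as Azure puts it in the JWT: a space-separated
        // list of bare permission names.
        List<String> scp = Arrays.asList("dataflow.create".split(" "));

        // Both configurations resolve to the same role for the same token.
        System.out.println(mapRoles(uriForm, scp));
        System.out.println(mapRoles(bareForm, scp));
    }
}
```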