29 lines
716 B
Plaintext
29 lines
716 B
Plaintext
/**
|
|
* sets the roles an additional claim in the token with roles as value an project as key
|
|
*
|
|
* The role claims of the token look like the following:
|
|
*
|
|
* // added by the code below
|
|
* "groups": ["{roleName}", "{roleName}", ...],
|
|
*
|
|
* Flow: Complement token, Triggers: Pre Userinfo creation, Pre access token creation
|
|
*
|
|
* @param ctx
|
|
* @param api
|
|
*/
|
|
function groupsClaim(ctx, api) {
|
|
if (ctx.v1.user.grants === undefined || ctx.v1.user.grants.count == 0) {
|
|
return;
|
|
}
|
|
|
|
let grants = [];
|
|
ctx.v1.user.grants.grants.forEach((claim) => {
|
|
claim.roles.forEach((role) => {
|
|
grants.push(role);
|
|
});
|
|
});
|
|
|
|
api.v1.claims.setClaim("groups", grants);
|
|
api.v1.claims.setClaim("scope", grants);
|
|
}
|