oidc custom claim role support

[andy-igoshin]

oidc custom claim role support

[sonarqubecloud]

Quality Gate passed

Issues
0 New issues
0 Accepted issues

Measures
0 Security Hotspots
0.0% Coverage on New Code
0.0% Duplication on New Code

See analysis details on SonarQube Cloud

[highTowerSU]

Hello,

i have done this more simple. My patch of the file is below. I have also attached my config in keycloak. It would be awesome, if this would get into main.

data/greenlight-v3/external_controller.rb

  def build_user_info(credentials)
    roles_claim = credentials['extra']['raw_info']['role'] || [] # Array oder String
    matched_role = Role.where(name: roles_claim).first             # erste passende Rolle
    if matched_role.blank?
      Rails.logger.info("DEBUG credentials: #{credentials.inspect}")
      Rails.logger.info("DEBUG credentials: #{roles_claim.inspect}")
      Rails.logger.info("Matched role: #{matched_role.inspect}")
      matched_role = default_role
    end
    Rails.logger.info("Used role: #{matched_role.name} / ID: #{matched_role.id}")
    {
      name: credentials['info']['name'],
      email: credentials['info']['email'],
      role: matched_role,                                  # role_id dynamisch setzen
      language: extract_language_code(credentials['info']['locale']),
      external_id: credentials['uid'],
      verified: true
    }
  end