
Mapping claims per client

Open · Brammm opened this issue 3 years ago · 0 comments

First of all, thanks for all the work you did for this library.

In the app we're building with this package, we've run into a situation where we'd like to differentiate claims based on which client is authenticating (the same user may authenticate under different clients and needs different claims; in our case, specifically, different access roles per client, e.g. a user could be an admin in one client but only a user in the other).

As far as I can tell, there's no straightforward way to do this, seeing as the IdentityProvider interface only uses the user identifier from the access token.

Do you see a more straightforward way of doing this? Currently, I'm thinking I need to extend the IdTokenResponse and change the IdentityProvider::getUserEntityByIdentifier method to use the full AccessToken instead of just the user identifier, so we can get the client from the access token.

Brammm avatar Jan 18 '22 10:01 Brammm
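The claim mapping the issue describes, as an added illustration that is not code from oauth2-openid-connect-server or from the poster: roles are stored per client, and the claim set for an id_token is resolved from the (user, client) pair rather than from the user alone. The class and method names (`PerClientUser`, `PerClientIdentityProvider`, `getClaimsForAccessToken`) are assumptions for this sketch; in the poster's proposed extension the two lookup keys would come from the access token entity, which in the underlying League server exposes both `getUserIdentifier()` and `getClient()->getIdentifier()`. The security point is the `aud` line: the roles placed in the token are exactly the ones granted for the client named as the audience, so an admin role in one client never appears in a token issued for another, and a client with no mapping gets no roles rather than a default set.

```php
<?php
declare(strict_types=1);

// Added illustration, not the library's code. Roles are keyed by client id so
// that the same user can be admin in one client and a plain user in another.

final class PerClientUser
{
    /** @param array<string, string[]> $rolesByClient client id => roles */
    public function __construct(
        private string $identifier,
        private string $email,
        private array $rolesByClient,
    ) {}

    public function getIdentifier(): string { return $this->identifier; }

    /** Claims that do not depend on which client is asking. */
    public function getBaseClaims(): array
    {
        return ['email' => $this->email];
    }

    /** Roles for exactly this client; an unmapped client gets none, not all. */
    public function getRolesForClient(string $clientId): array
    {
        return $this->rolesByClient[$clientId] ?? [];
    }
}

/** Hypothetical lookup; a real implementation would query the user store. */
final class PerClientIdentityProvider
{
    /** @var array<string, PerClientUser> */
    private array $users = [];

    public function __construct(PerClientUser ...$users)
    {
        foreach ($users as $u) {
            $this->users[$u->getIdentifier()] = $u;
        }
    }

    /**
     * Resolve id_token claims for a token issued to $clientId on behalf of
     * $userId. Both keys would be read from the access token entity, which is
     * why the poster wants the full token rather than only the user id.
     */
    public function getClaimsForAccessToken(string $userId, string $clientId, \DateTimeImmutable $expiry): array
    {
        $user = $this->users[$userId] ?? null;
        if ($user === null) {
            throw new \RuntimeException('unknown user identifier');
        }
        return array_merge($user->getBaseClaims(), [
            'sub'   => $user->getIdentifier(),
            'aud'   => $clientId,                       // roles below are bound to this audience
            'exp'   => $expiry->getTimestamp(),
            'roles' => $user->getRolesForClient($clientId),
        ]);
    }
}

// Constructed sample data for the walkthrough.
$provider = new PerClientIdentityProvider(
    new PerClientUser('u-1', 'alice@example.org', [
        'admin-console'  => ['admin'],
        'support-portal' => ['user'],
    ]),
);

$exp = new \DateTimeImmutable('+1 hour');
$cases = [
    'admin-console'    => ['admin'],   // admin only where granted
    'support-portal'   => ['user'],    // plain user in the other client
    'unregistered-app' => [],          // no mapping => no roles leak in
];
foreach ($cases as $clientId => $expectedRoles) {
    $claims = $provider->getClaimsForAccessToken('u-1', $clientId, $exp);
    if ($claims['aud'] !== $clientId || $claims['roles'] !== $expectedRoles) {
        throw new \LogicException("unexpected claims for client $clientId");
    }
    echo $clientId, ': ', json_encode($claims['roles']), PHP_EOL;
}
```

Running the script prints one line per client with only that client's roles. If you wire this into an extended IdTokenResponse, keep the check that the token's `aud` matches the client the roles were resolved for; resolving roles globally and then stamping an `aud` afterwards is how a role from one client ends up accepted by another.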