OAuth2 token renewal and Simplifier Role Mapping with OAuth2 authorization

  • Thomas
        Has successfully completed the online course Introduction
        Has successfully completed the online course Intermediate (200)
      5 years ago #17933

      Hi all,

      I am using OAuth2 authorization with a Redhat Keycloak authentication server. Setting up a working authorization code grant flow worked fine, I can authenticate a user with Keycloak and Simplifier also passes the bearer token in the authorization header for my REST connector to the backend services. I have two questions:

      1) It appears to me, that Simplifier does not automatically refreshes the access token with the renewal token after the access token has expired. I have to logout of Simplifier and log back in to get the access token renewed. Is there a possibility for an automated silent refresh?

      2) Keycloak passes the assigned roles of a user in the JWT access token back to Simplifier in a format like this:

      Snipped of the JWT access token:

      “resource_access”: {
      “simplifier”: {
      “roles”: [ “MY_ROLE” ]
      }
      }

      How would I define the attribute mapping in the Simplifier Role Mapping configuration to test for the value of the role MY_ROLE. I was trying several formats but none of them worked, e.g. resource_access/simplifier/roles. Even testing for the existence of the top level attribute “resource_access” returns a FALSE. It seems to me that Simplifier only recognizes a top level unstructured attribute in the JWT token, e.g. “user_role”: “MY_ROLE”. I finally recognised that Simplifier only looks at the ID token and not the access so I included the role information into the ID token, but the problem still remains.

      I appreciate any help. Regards,

      Thomas

    Viewing 1 post (of 1 total)

    You must be logged in to reply to this topic.