OAuth2 token renewal and Simplifier Role Mapping with OAuth2 authorization

  • #17933
    Thomas
    Participant

    Hi all,

    I am using OAuth2 authorization with a Red Hat Keycloak authentication server. Setting up a working authorization code grant flow worked fine; I can authenticate a user with Keycloak, and Simplifier also passes the bearer token in the authorization header for my REST connector to the backend services. I have two questions:

    1) It appears to me that Simplifier does not automatically refresh the access token with the renewal token after the access token has expired. I have to log out of Simplifier and log back in to get the access token renewed. Is there a possibility for an automated silent refresh?

    2) Keycloak passes the assigned roles of a user in the JWT access token back to Simplifier in a format like this:

    Snippet of the JWT access token:

    "resource_access": {
      "simplifier": {
        "roles": [ "MY_ROLE" ]
      }
    }

    How would I define the attribute mapping in the Simplifier Role Mapping configuration to test for the value of the role MY_ROLE? I tried several formats, but none of them worked, e.g. resource_access/simplifier/roles. Even testing for the existence of the top-level attribute "resource_access" returns FALSE. It seems to me that Simplifier only recognizes a top-level unstructured attribute in the JWT token, e.g. "user_role": "MY_ROLE". I finally recognised that Simplifier only looks at the ID token and not the access token, so I included the role information in the ID token, but the problem still remains.

    I appreciate any help. Regards,

    Thomas

    • This topic was modified 3 weeks, 5 days ago by chris.
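
An added diagnostic example, not part of the original post and not Simplifier's code: it decodes the payload of each token and reports which one carries MY_ROLE at a nested path or at a flat top-level claim. The tokens are constructed samples, and the slash-separated path syntax and all function names are assumptions for illustration.

```python
import base64
import json

def _b64url(data: bytes) -> str:
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode()

def make_sample_jwt(claims: dict) -> str:
    # Constructed sample token with a placeholder signature, for offline inspection only.
    header = _b64url(json.dumps({"alg": "none", "typ": "JWT"}).encode())
    return f"{header}.{_b64url(json.dumps(claims).encode())}.sig"

def jwt_claims(token: str) -> dict:
    """Decode the payload segment WITHOUT verifying the signature (diagnostics only)."""
    parts = token.split(".")
    if len(parts) != 3:
        raise ValueError("not a compact JWT")
    payload = parts[1] + "=" * (-len(parts[1]) % 4)  # restore stripped padding
    return json.loads(base64.urlsafe_b64decode(payload))

def resolve(claims: dict, path: str):
    """Walk a slash-separated path (assumed syntax); None if a segment is missing."""
    node = claims
    for segment in path.split("/"):
        if not isinstance(node, dict) or segment not in node:
            return None
        node = node[segment]
    return node

def has_role(token: str, path: str, role: str) -> bool:
    """True if the claim at `path` equals `role` or is a list containing it."""
    value = resolve(jwt_claims(token), path)
    return role in value if isinstance(value, list) else value == role

def locate_role(tokens: dict, path: str, role: str) -> dict:
    """Map each token name to whether it carries `role` at `path`."""
    return {name: has_role(tok, path, role) for name, tok in tokens.items()}

# Constructed samples: nested roles in the access token, none in the default
# ID token, and a flat top-level claim in a remapped ID token.
NESTED = {"resource_access": {"simplifier": {"roles": ["MY_ROLE"]}}}
TOKENS = {
    "access_token": make_sample_jwt({"sub": "user-1", **NESTED}),
    "id_token_default": make_sample_jwt({"sub": "user-1"}),
    "id_token_flat": make_sample_jwt({"sub": "user-1", "user_role": "MY_ROLE"}),
}

if __name__ == "__main__":
    for path in ("resource_access/simplifier/roles", "user_role"):
        print(path, locate_role(TOKENS, path, "MY_ROLE"))
```

Running the same check against the real ID token shows whether the role claim is present there at all before any mapping expression is tested.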