Until we implement
https://casbin.org/docs/en/dispatchers#distributedenforcer it is
better to disable caching as it might cause issues otherwise when
running multiple instances of the base.
Also, now that we do not have caching, we don't have the need to
invalidate the cache after update operations.

Because the ORY Kratos claims have no group/groups, and as
discussed regarding mapping IdP groups to Claims.Team, which is a string
type, added idpGroup to the Kratos traits, which is also a string type. Both
Identity idpGroup and Claim.Team can be mapped without fail in the mapper
config.

The following could be used as an optimisation when we are filtering
just by user, but we decided to omit it for now.
```
usrs, err = dao.ListFilteredUsersWithGroup(ctx, s.db,
	[]uuid.UUID{}, groupId, queryOptions.Q, queryOptions.Type,
	queryOptions.OrderBy, queryOptions.Order,
	int(queryOptions.Limit), int(queryOptions.Offset))
```

- Returns the client secret on GET requests, so that when the UI modifies
an OIDC provider, it is able to send the client secret back in the
PUT request.
- Fix issuer URL validation on update.

The idp_groups is the list of groups the IdP user belongs to, which is
returned in the OIDC provider's token response. The flow of IdP group mapping is
as follows:
OIDC Provider (OP) returns a custom claim with groups in a token on an
authentication event
|
The value of the custom claim is mapped to `idp_groups` of the identity
trait using the Jsonnet mapper.
|
On inserting/updating/deleting in the `identities` table, PostgreSQL
sends a pg_notification with
`PG_OPERATION,IDENTITY_ID,IDENTITY_TRAIN` as a payload.
|
The `pkg/service/user.UserService.UpdateIdpUserGroupPolicy` updates
the casbin policies for each notification based on the payload received.
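
The last step of this flow, as an added example (not the project's own `UpdateIdpUserGroupPolicy` code): it parses a notification payload and computes which group mappings to grant and which stale ones to revoke. It assumes the first field carries Postgres `TG_OP` values, the third field is the traits JSON with `idp_groups` as a string array, and `current` holds the identity's existing IdP-derived groups; `PlanGroupChange` is a hypothetical name.

```go
package main

import (
	"encoding/json"
	"fmt"
	"sort"
	"strings"
)

// PlanGroupChange parses "OPERATION,IDENTITY_ID,TRAITS_JSON" (assumed layout) and
// diffs the idp_groups trait against the groups the identity currently holds.
func PlanGroupChange(payload string, current []string) (id string, add, remove []string, err error) {
	parts := strings.SplitN(payload, ",", 3) // cap at 3 fields: the traits JSON contains commas
	if len(parts) != 3 || parts[1] == "" {
		return "", nil, nil, fmt.Errorf("malformed payload")
	}
	var traits struct{ IdpGroups []string `json:"idp_groups"` }
	switch parts[0] { // assumed to carry Postgres TG_OP values
	case "INSERT", "UPDATE":
		if e := json.Unmarshal([]byte(parts[2]), &traits); e != nil {
			return "", nil, nil, fmt.Errorf("bad traits: %w", e)
		}
	case "DELETE": // identity removed: the desired group set is empty
	default:
		return "", nil, nil, fmt.Errorf("unknown operation %q", parts[0])
	}
	want, have := map[string]bool{}, map[string]bool{}
	for _, g := range traits.IdpGroups {
		want[g] = true
	}
	for _, g := range current {
		if !want[g] && !have[g] {
			remove = append(remove, g) // revoke stale membership
		}
		have[g] = true
	}
	for g := range want {
		if !have[g] {
			add = append(add, g)
		}
	}
	sort.Strings(add)
	return parts[1], add, remove, nil
}

func main() {
	// Constructed sample: id-1 holds dev and admins, the IdP now reports dev and ops.
	fmt.Println(PlanGroupChange(`UPDATE,id-1,{"email":"a@example.com","idp_groups":["dev","ops"]}`, []string{"dev", "admins"}))
}
```

Rejecting unknown operations and malformed payloads before touching policy keeps a bad notification from silently granting or leaving behind group access.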