mirror of
https://github.com/paralus/paralus.git
synced 2026-05-09 09:56:45 +00:00
5e7fc110b2
The idp_groups is list of groups IdP user belongs to that is returning
in the OIdC providers token response. The flow of Idp Group mapping is
as follows:
OIdC Provider (OP) return custom claim with groups in a token when
authentication event
|
The value of custom claim is mapped to `idp_groups` of identity
traint using JsonNet mapper.
|
On inserting/updating/deleting `identities` table, Postgresql
sends a pg_notification with
`PG_OPERATION,IDENTITY_ID,IDENTITY_TRAIN` as a payload.
|
The `pkg/service/user.UserService.UpdateIdpUserGroupPolicy` update
the casbin policies for each notification based on payload received.
Ory Kratos
This directory holds Ory Kratos configurations and scripts required for rcloud-base.
Get Session token for development
Follow Development setup to start the Kratos server.
Create a temporary user and get session token:
go run development/session_main.go
{
"email": "dev+90197e7d-5f83-45e6-a2a5-86c2c76a42a7@ory.sh",
"password": "96d968dde1f24dcaad1c6162fa9ae040",
"sessionToken": "5xKgL33Oom9rmS4v9jkuAERn7yJHTLhY",
"tokenExpiry": "2022-02-24T07:16:21.169693497Z"
}
How to use token for authentication?
Start rcloud-base server with DEV=false and add token to
X-Session-Token header while making request to access resources, for example:
curl -H 'X-Session-Token: 5xKgL33Oom9rmS4v9jkuAERn7yJHTLhY' http://localhost:11000/auth/v3/sso/idp