
I'm looking for a way to get the organizations of a user logged in using Keyrock's OAuth2.

I have Keyrock set up using docker-compose. I've created an organization and assigned users to it using the API. But when a user logs in, both the JWT token and the /user endpoint return an empty list of organizations.

The user is assigned to an organization; I can see the entries in the database and via the API:

mysql> select * from user_organization;
+----+--------+--------------------------------------+--------------------------------------+
| id | role   | user_id                              | organization_id                      |
+----+--------+--------------------------------------+--------------------------------------+
|  2 | owner  | admin                                | f21f255d-ef4c-4afd-9cc3-261e3e7dc168 |
|  3 | owner  | admin                                | 3cab93ad-83ba-404f-8499-f870d0ab0d02 |
|  4 | member | 42a336da-2321-4258-a4dd-6e447d2ee171 | 3cab93ad-83ba-404f-8499-f870d0ab0d02 |
+----+--------+--------------------------------------+--------------------------------------+

In the API, when logged in as the admin:

curl -iX GET \
  'localhost:3000/v1/organizations/3cab93ad-83ba-404f-8499-f870d0ab0d02/users/42a336da-2321-4258-a4dd-6e447d2ee171/organization_roles' \
  -H 'Content-Type: application/json' \
  -H 'X-Auth-token: 09c30919-ad6c-4eb9-9d90-283f0ae7483e'

{"organization_user":{"user_id":"42a336da-2321-4258-a4dd-6e447d2ee171","organization_id":"3cab93ad-83ba-404f-8499-f870d0ab0d02","role":"member"}}

When I log in as the 42a336da-2321-4258-a4dd-6e447d2ee171 user using OAuth2, the JWT token has neither roles nor organizations. Part of the decoded JWT token:

    "organizations": [],
    "displayName": "",
    "roles": [],
    "app_id": "d2e68240-b822-413c-978f-cc9ebdba1600",
    "trusted_apps": [],
    "isGravatarEnabled": false,
    "id": "42a336da-2321-4258-a4dd-6e447d2ee171",

Similarly, when I use a bearer token instead of a JWT and get the user details from the /user endpoint:

http://localhost:3000/user?access_token=5d50b9b7162fc1cf7890d3b81feb96c5b176f0c8&action=GET&resource=myResource&app_id=d2e68240-b822-413c-978f-cc9ebdba1600

{
    "organizations": [],
    "displayName": "",
    "roles": [],
    "app_id": "d2e68240-b822-413c-978f-cc9ebdba1600",
    "trusted_apps": [],
    "isGravatarEnabled": false,
    "id": "42a336da-2321-4258-a4dd-6e447d2ee171",
    "authorization_decision": "Deny",
    "app_azf_domain": "",
    "eidas_profile": {},
    "attributes": {},
    "shared_attributes": "",
    "username": "Test",
    "email": "email@example.com",
    "given_name": "Test",
    "family_name": "Test",
    "image": "",
    "gravatar": "",
    "extra": {
        "visible_attributes": [
            "username",
            "description",
            "website",
            "identity_attributes",
            "image",
            "gravatar"
        ]
    },
    "sub": "42a336da-2321-4258-a4dd-6e447d2ee171"
}

Did I miss some steps in the organization/user configuration? Is there another way to get the organizations and roles of a current user?

amroz

0 Answers