
Notes on simple Demo

Mike Schwartz edited this page Feb 14, 2020 · 1 revision

Endpoints

  • GET POST PUT DELETE /company
  • GET POST PUT DELETE /item

Roles

  • Admin
  • User

Policies

  • User can only GET
  • Admin can do All

User Claims

Use the "User Permission" attribute (i.e. the role stored in LDAP) to hold either admin or user.

Front end application

Angular 8 application using AppAuth-JS as the client library

Access Management Strategy

The Angular application will use the access token obtained in the OpenID Connect flow when calling the API. In the Gluu Server Token Introspection Script, replace the scope claim with either 'admin' or 'user'.

In the script, you can get the user role as follows:

# assumes userService has already been obtained as in the second variant below
user = context.getGrantOfIntrospectionToken().getUser()
role = userService.getCustomAttribute(user, "role")

or, obtaining the UserService bean explicitly:

from org.gluu.service.cdi.util import CdiUtil
from org.gluu.oxauth.service import UserService

userService = CdiUtil.bean(UserService)
# user who owns the token being introspected
user = context.getGrantOfIntrospectionToken().getUser()
# returns the custom attribute object; use .getValue() to get the string
role = userService.getCustomAttribute(user, "role")

Once the scope is properly set, the API can filter requests based on HTTP method and scope.
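To make the whole strategy concrete, here is an added example (not code from this wiki page or from the Gluu Server) that models both halves in plain Python: the introspection script's rewrite of the scope claim to the user's role, and the API-side check that applies the policies above (User can only GET, Admin can do all) per method and endpoint. The token store, token strings and the base introspection response are constructed here; in a real deployment the API would call the Gluu /introspection endpoint over HTTPS and the rewrite would happen in the Jython script.

```python
# Added example: models the access-management strategy offline.
# Everything below (TOKEN_STORE, token strings, base scopes) is constructed.
from typing import Dict, Optional

# Policies from the page: User can only GET, Admin can do all.
ROLE_METHODS = {
    "user": {"GET"},
    "admin": {"GET", "POST", "PUT", "DELETE"},
}
# Endpoints from the page.
ENDPOINTS = {"/company", "/item"}

# Constructed stand-in for what the Gluu Server knows about issued tokens:
# whether each is active and the "role" attribute of the token's user.
TOKEN_STORE = {
    "tok-alice": {"active": True, "role": "admin"},
    "tok-bob": {"active": True, "role": "user"},
    "tok-expired": {"active": False, "role": "admin"},
    "tok-norole": {"active": True, "role": None},
}


def rewrite_scope(response: Dict, role: Optional[str]) -> Dict:
    """Stand-in for the introspection script step: replace the 'scope'
    claim with the user's role. A missing or unknown role becomes an
    empty scope, so the API denies rather than falling back to the
    original OpenID scopes."""
    out = dict(response)
    out["scope"] = role if role in ROLE_METHODS else ""
    return out


def introspect(token: str) -> Dict:
    """Stand-in for RFC 7662 introspection followed by the script hook."""
    entry = TOKEN_STORE.get(token)
    if entry is None or not entry["active"]:
        # RFC 7662: an inactive token reveals nothing beyond active=false.
        return {"active": False}
    base = {"active": True, "scope": "openid profile"}  # original scopes
    return rewrite_scope(base, entry["role"])


def is_authorized(response: Dict, method: str, path: str) -> bool:
    """API-side filter: allow only if the token is active, the path is a
    known endpoint, and the method is permitted for the scope (role)."""
    if not response.get("active", False):
        return False
    if path not in ENDPOINTS:
        return False
    allowed = ROLE_METHODS.get(response.get("scope", ""), set())
    return method.upper() in allowed


def handle_request(token: str, method: str, path: str) -> int:
    """Return the HTTP status the API would send: 200, 401 or 403."""
    resp = introspect(token)
    if not resp.get("active"):
        return 401  # invalid or expired token
    return 200 if is_authorized(resp, method, path) else 403


if __name__ == "__main__":
    for tok, method, path in [
        ("tok-alice", "DELETE", "/item"),
        ("tok-bob", "GET", "/company"),
        ("tok-bob", "POST", "/company"),
        ("tok-expired", "GET", "/item"),
        ("tok-norole", "GET", "/item"),
    ]:
        print(tok, method, path, "->", handle_request(tok, method, path))
```

The deny-by-default choices are deliberate: an inactive token is rejected before any role lookup, and a user whose role attribute is absent or unrecognised ends up with an empty scope and therefore no permitted methods, which is the safe failure mode when the introspection script cannot determine a role.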