Ajout de 'roles' dans les scopes par défaut

2022-08-26 13:55:27 +02:00 · 2022-08-26 13:55:27 +02:00 · 126dbf66c2
parent a00a64a11e
commit 126dbf66c2
2 changed files with 13 additions and 1 deletions
--- a/defaults/main.yml
+++ b/defaults/main.yml
@ -88,6 +88,10 @@ hydra_passwordless_sender_name: "[hydra-passwordless]"
 hydra_passwordless_attributes_rewrite_rules: 
  email:
    - consent.session.id_token.email
+  email_verified:
+    - consent.session.id_token.email_verified
+  roles:
+    - "[]"

 # Hydra SAML configuration

@ -181,6 +185,8 @@ hydra_oidc_attributes_rewrite_rules:
    - consent.session.id_token.birthplace
  birthcountry:
    - consent.session.id_token.birthcountry
+  roles:
+    - "[]"

 # Hydra LDAP configuration

@ -192,6 +198,12 @@ hydra_ldap_dev_mode: false
 hydra_ldap_attributes_rewrite_rules:
  email:
    - consent.session.id_token.email
+  family_name: 
+    - consent.session.id_token.family_name
+  given_name:
+    - consent.session.id_token.given_name
+  roles:
+    - consent.session.id_token.roles
 hydra_ldap_endpoints: []
 hydra_ldap_bind_dn:
 hydra_ldap_bind_password:
--- a/templates/hydra-client.json.j2
+++ b/templates/hydra-client.json.j2
@ -9,6 +9,6 @@
 	"redirect_uris": {{ item.redirect_uris | default([]) | to_json }},
 	"response_types": {{ item.response_types | default(["code"]) | to_json }},
 	"logo_uri": {{ item.logo_uri | default("") | to_json }},
-	"scope": {{ item.scope | default("openid profile email") | to_json }},
+	"scope": {{ item.scope | default("openid profile email roles") | to_json }},
 	"token_endpoint_auth_method": {{ item.token_endpoint_auth_method | default("client_secret_post") | to_json }}
 }