Support userinfo endpoint as fallback for groups #20
The current implementation to retrieve groups of a user to set its permission role (`staff`, `admin`) is broken and there are multiple issues open (#8 #14).

From my knowledge, Okta does not return the `groups` claim by default unless it is explicitly configured in the web UI. This solution however does not seem to work as Okta only returns groups ownership via the `userinfo` endpoint and not via the `token` endpoint.

The proposed solution applies a fallback request to the `userinfo` endpoint if the `groups` claim is not found using the `token` endpoint. This solution does not change the current implementation but only tries to retrieve the `groups` claim from a new endpoint if it's not present on the `token` endpoint.

For the sake of reusability, a new generic function to interact with the `userinfo` endpoint was added, even if at this point in time only the `groups` claim is used.
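The fallback described above, sketched as an added example; it is not the code from this pull request. The function names, the injectable `fetch` parameter and the sample URL are assumptions made for illustration. It also applies the OpenID Connect Core check that the `sub` returned by `userinfo` matches the `sub` of the ID token before any group is trusted.

```python
import json
import urllib.request


def fetch_userinfo(userinfo_url, access_token, timeout=5):
    """GET the OIDC userinfo endpoint, sending the access token as a Bearer credential."""
    req = urllib.request.Request(
        userinfo_url, headers={"Authorization": f"Bearer {access_token}"}
    )
    with urllib.request.urlopen(req, timeout=timeout) as resp:
        return json.load(resp)


def as_group_list(value):
    """Accept only a list of strings; any other shape yields no groups."""
    if isinstance(value, list) and all(isinstance(g, str) for g in value):
        return value
    return []


def resolve_groups(id_claims, access_token, userinfo_url, fetch=fetch_userinfo):
    """Return the groups from the token claims, or from userinfo if the claim is absent."""
    if "groups" in id_claims:
        return as_group_list(id_claims["groups"])
    info = fetch(userinfo_url, access_token)
    # OIDC Core 5.3.2: userinfo values must not be used unless its `sub`
    # exactly matches the `sub` of the ID token.
    if (not isinstance(info, dict) or not id_claims.get("sub")
            or info.get("sub") != id_claims["sub"]):
        raise ValueError("userinfo 'sub' does not match the ID token")
    return as_group_list(info.get("groups"))


if __name__ == "__main__":
    # Constructed sample data: token claims without `groups`, and a stubbed userinfo reply.
    claims = {"sub": "00u-constructed", "email": "user@example.com"}
    stub = lambda url, token: {"sub": "00u-constructed", "groups": ["admins"]}
    print(resolve_groups(claims, "constructed-token", "https://idp.example/userinfo", stub))
```

A malformed or missing `groups` value resolves to an empty list, so a bad `userinfo` response grants neither `staff` nor `admin`.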