On 8/22/22 10:14, Aki Tuomi wrote:
> Hi!
>
> You need to export them in passdb. You can do
> userdb_some_field=%{oauth2:some_field}.

That is exactly what I have been looking for, thank you! Is it also
possible to extract arrays and objects from the token with this syntax?
For example, I tried to save allowed-origins which is a list of
strings but the field in the userdb was empty (but present). However,
the field was processed according to the logs.
Furthermore, it seems that only keys that have a string or an array value are processed, so it may not even be possible to extract a parent object. For a structure like this:
    {
      "azp": "roundcube-test",
      "realm_access": {
        "roles": [...]
      },
      "resource_access": {
        "realm-management": {
          "roles": [...]
        },
        "account": {
          "roles": [...]
        }
      }
    }
the log only shows:
    auth: Debug: oauth2(...): Processing field azp
    auth: Debug: oauth2(...): Processing field roles
    auth: Debug: oauth2(...): Processing field roles
    auth: Debug: oauth2(...): Processing field roles
It also doesn't work to extract the whole token with
userdb_token=%{oauth2:access_token} (this syntax however works for
proxy authentication). Otherwise, I could just save the whole token in
the user database.
Is there some syntax I did not find in the documentation that would enable me to extract either the whole token or a whole JSON object / array?
Best regards, Felix
Gesellschaft für interkulturelles Zusammenleben gGmbH (GIZ) Felix Auringer IT Reformationsplatz 2 13597 Berlin
Tel: 030/513 0100 00; Fax: 030/513 0100 09 www.giz.berlin; felix.auringer@giz.berlin
Amtsgericht Charlottenburg HRB 200872 B Geschäftsführerin: Dr. Britta Marschke
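
Added example, not part of the original message and not Dovecot's own code: a small Python model of what the debug log above shows, assuming fields are exported by leaf key name only. It lists the full path behind each "Processing field" line and flags keys such as roles that occur under more than one parent; the role values, the unsigned sample token and all function names are constructed for illustration.

```python
import base64
import json
from collections import defaultdict


def jwt_payload(token: str) -> dict:
    """Decode the payload segment of a JWT for inspection only (no signature check)."""
    segment = token.split(".")[1]
    segment += "=" * (-len(segment) % 4)  # restore stripped base64url padding
    return json.loads(base64.urlsafe_b64decode(segment))


def leaf_fields(node: dict, path: tuple = ()):
    """Yield (leaf_key, full_path, value) for every string or array value,
    descending into nested objects as the debug log in the post suggests."""
    for key, value in node.items():
        if isinstance(value, dict):
            yield from leaf_fields(value, path + (key,))
        elif isinstance(value, (str, list)):
            yield key, ".".join(path + (key,)), value


def collisions(payload: dict) -> dict:
    """Map each leaf key to the paths it occurs at, keeping only ambiguous keys."""
    seen = defaultdict(list)
    for key, full_path, _ in leaf_fields(payload):
        seen[key].append(full_path)
    return {k: v for k, v in seen.items() if len(v) > 1}


def make_sample_token() -> str:
    """Constructed, unsigned token shaped like the structure in the post."""
    claims = {
        "azp": "roundcube-test",
        "realm_access": {"roles": ["user"]},  # constructed role values
        "resource_access": {
            "realm-management": {"roles": ["view-users"]},
            "account": {"roles": ["view-profile"]},
        },
    }
    enc = lambda obj: base64.urlsafe_b64encode(json.dumps(obj).encode()).rstrip(b"=").decode()
    return f"{enc({'typ': 'JWT'})}.{enc(claims)}."


if __name__ == "__main__":
    payload = jwt_payload(make_sample_token())
    for key, full_path, value in leaf_fields(payload):
        print(f"Processing field {key:<6} <- {full_path} = {value}")
    print("ambiguous:", collisions(payload))
```

Any key reported as ambiguous cannot be told apart by a %{oauth2:<key>} lookup under this assumption, so authorization decisions should not rely on it without checking which parent object the value came from.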