[Fix] Set correct default roles claim for Keycloak.

kbss-cvut · Oct 19, 2023 · d16e03d · d16e03d
1 parent 6da9c23
commit d16e03d
Show file tree

Hide file tree

Showing 2 changed files with 6 additions and 1 deletion.
diff --git a/src/main/java/cz/cvut/kbss/termit/util/Configuration.java b/src/main/java/cz/cvut/kbss/termit/util/Configuration.java
@@ -763,8 +763,10 @@ public enum ProviderType {
 
         /**
          * Claim in the authentication token provided by the OIDC service containing roles mapped to TermIt user roles.
+         *
+         * Supports nested objects via dot notation.
          */
-        private String roleClaim = "realm_access";
+        private String roleClaim = "realm_access.roles";
 
         public ProviderType getProvider() {
             return provider;

diff --git a/src/main/java/cz/cvut/kbss/termit/util/oidc/OidcGrantedAuthoritiesExtractor.java b/src/main/java/cz/cvut/kbss/termit/util/oidc/OidcGrantedAuthoritiesExtractor.java
@@ -10,6 +10,9 @@
 import java.util.List;
 import java.util.Map;
 
+/**
+ * Converts roles claim in an OIDC access token to granted authorities.
+ */
 public class OidcGrantedAuthoritiesExtractor implements Converter<Jwt, Collection<SimpleGrantedAuthority>> {
 
     private final Configuration.Security config;