-
Notifications
You must be signed in to change notification settings - Fork 8
Expand file tree
/
Copy pathcustom_roles.js
More file actions
33 lines (31 loc) · 878 Bytes
/
custom_roles.js
File metadata and controls
33 lines (31 loc) · 878 Bytes
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
/**
* sets the roles an additional claim in the token with roles as value an project as key
*
* The role claims of the token look like the following:
*
* // added by the code below
* "my:zitadel:grants": ["{projectId}:{roleName}", "{projectId}:{roleName}", ...],
* // added automatically
* "urn:zitadel:iam:org:project:roles": {
* "asdf": {
* "201982826478953724": "zitadel.localhost"
* }
* }
*
* Flow: Complement token, Triggers: Pre Userinfo creation, Pre access token creation
*
* @param ctx
* @param api
*/
function flatRoles(ctx, api) {
if (ctx.v1.user.grants == undefined || ctx.v1.user.grants.count == 0) {
return;
}
let grants = [];
ctx.v1.user.grants.grants.forEach(claim => {
claim.roles.forEach(role => {
grants.push(claim.projectId+':'+role)
})
})
api.v1.claims.setClaim('my:zitadel:grants', grants)
}