OICD Pluggable permission mapper (#1469)

By default the resource_access/<client id>/roles claim is mapped to hawkBit permissions. However, by registering a Spring bean _org.eclipse.hawkbit.autoconfigure.security.OidcUserManagementAutoConfiguration.JwtAuthoritiesExtractor_ a custom extractor permission mapper could be registered. Signed-off-by: Marinov Avgustin <[email protected]>
eclipse-hawkbit · Nov 3, 2023 · ac946e7 · ac946e7
1 parent 7b67de3
commit ac946e7
Show file tree

Hide file tree

Showing 3 changed files with 202 additions and 199 deletions.
diff --git a/docs/content/concepts/authorization.md b/docs/content/concepts/authorization.md
@@ -50,13 +50,11 @@ hawkbit supports authentication providers which use the OpenID Connect standard,
 An example configuration is given below.
 
     spring.security.oauth2.client.registration.oidc.client-id=clientID
-    spring.security.oauth2.client.registration.oidc.client-secret=oidc-client-secret
     spring.security.oauth2.client.provider.oidc.issuer-uri=https://oidc-provider/issuer-uri
-    spring.security.oauth2.client.provider.oidc.authorization-uri=https://oidc-provider/authorization-uri
-    spring.security.oauth2.client.provider.oidc.token-uri=https://oidc-provider/token-uri
-    spring.security.oauth2.client.provider.oidc.user-info-uri=https://oidc-provider/user-info-uri
     spring.security.oauth2.client.provider.oidc.jwk-set-uri=https://oidc-provider/jwk-set-uri
 
+Note: at the moment only DEFAULT tenant is supported. By default the resource_access/<client id>/roles claim is mapped to hawkBit permissions. However, by registering a Spring bean _org.eclipse.hawkbit.autoconfigure.security.OidcUserManagementAutoConfiguration.JwtAuthoritiesExtractor_ a custom extractor permission mapper could be registered.
+
 ### Delivered Permissions
 
 - READ_/UPDATE_/CREATE_/DELETE_TARGET for: