[MGRTENANT-6] mgr-tenants - Impersonation client should have custom token mappers Created: 31/Dec/23  Updated: 18/Jan/24  Resolved: 18/Jan/24

Status: Closed
Project: mgr-tenants
Components: None
Affects versions: None
Fix versions: None

Type: Story Priority: P3
Reporter: Craig McNally Assignee: Pavel Filippov
Resolution: Done Votes: 0
Labels: back-end, epam-eureka, eureka-phase4, need-review
Remaining Estimate: Not Specified
Time Spent: Not Specified
Original estimate: Not Specified

Issue links:
Defines
defines UXPROD-4605 Component Ownership In Progress
Sprint: Eureka Sprint 44
Story Points: 2
Development Team: Eureka

 Description   

Overview

When switching affiliation, the token for another tenant is retrieved with impersonation-client. Currently the client doesn't add custom token claims for user_id and username, which are important for the _self API.

Solution:

Add the following token mappers when creating the impersonation client:

- username
- user_id

Example from the Keycloak for login client:



 Comments   
Comment by Pavel Filippov [ 12/Jan/24 ]

The `mgr-tenants` code contains the necessary changes

  private Client createImpersonationClient(String realm) {
    var impersonationClient = properties.getImpersonationClient();
    var secret = clientSecretService.getOrCreateClientSecret(realm, impersonationClient);
    var description = "client for impersonating user";

    var mappers = folioUserTokenMappers();
    var client = buildClient(impersonationClient, secret, description, mappers, true, true);

    return clientService.createClient(client, realm);
  }

Comment by Craig McNally [ 16/Jan/24 ]

Pavel Filippov, has this made it into any of the Eureka envs yet?
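
One way to check a deployed realm for the mappers this issue asks for, as an added example that is not part of the issue or of the mgr-tenants code: the script audits Keycloak client representations (JSON as returned by the admin API) for OIDC mappers that put user_id and username into the access token. The client ids and sample JSON are constructed, and counting only an explicit "true" for access.token.claim is an assumption of this check.

```python
import json

REQUIRED_CLAIMS = {"user_id", "username"}  # claims the issue says _self needs

# Constructed sample shaped like Keycloak client representations; ids are made up.
SAMPLE_CLIENTS = json.loads("""
[
  {"clientId": "example-login-client",
   "protocolMappers": [
     {"name": "username", "protocol": "openid-connect",
      "protocolMapper": "oidc-usermodel-property-mapper",
      "config": {"user.attribute": "username", "claim.name": "username",
                 "access.token.claim": "true"}},
     {"name": "user_id", "protocol": "openid-connect",
      "protocolMapper": "oidc-usermodel-attribute-mapper",
      "config": {"user.attribute": "user_id", "claim.name": "user_id",
                 "access.token.claim": "true"}}]},
  {"clientId": "example-impersonation-client",
   "protocolMappers": [
     {"name": "username", "protocol": "openid-connect",
      "protocolMapper": "oidc-usermodel-property-mapper",
      "config": {"user.attribute": "username", "claim.name": "username",
                 "access.token.claim": "false", "id.token.claim": "true"}}]},
  {"clientId": "example-client-without-mappers"}
]
""")


def access_token_claims(client):
    """Return claim names the client's OIDC mappers add to the access token."""
    claims = set()
    for mapper in client.get("protocolMappers") or []:
        if mapper.get("protocol") != "openid-connect":
            continue
        config = mapper.get("config") or {}
        # Assumption: only an explicit "true" counts (config values are strings).
        if config.get("access.token.claim") == "true" and config.get("claim.name"):
            claims.add(config["claim.name"])
    return claims


def audit(clients):
    """Map clientId -> sorted required claims missing from its access tokens."""
    return {c["clientId"]: sorted(REQUIRED_CLAIMS - access_token_claims(c))
            for c in clients}


if __name__ == "__main__":
    print(audit(SAMPLE_CLIENTS))
```

A mapper that only targets the ID token, as in the second sample client, is reported as missing because the claims would not reach the access token.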

Generated at Thu Feb 08 22:31:21 UTC 2024 using Jira 1001.0.0-SNAPSHOT#100246-sha1:7a5c50119eb0633d306e14180817ddef5e80c75d.