fix: role assertion (#1986)

* fix: enum to display access token role assertion * improve assertion descriptions * fix nil pointer
2025-01-06 13:05:32 +00:00 · 2021-07-07 11:51:20 +02:00 · 2021-07-07 11:51:20 +02:00 · 38a4683bab
commit 38a4683bab
parent 6fa3076f74
4 changed files with 9 additions and 9 deletions
--- a/console/src/app/pages/projects/apps/app-detail/app-detail.component.html
+++ b/console/src/app/pages/projects/apps/app-detail/app-detail.component.html
@ -259,7 +259,7 @@
                        </mat-select>
                    </cnsl-form-field>

-                    <mat-checkbox *ngIf="accessTokenType?.value === OIDCTokenType.OIDCTOKENTYPE_JWT" class="full-width"
+                    <mat-checkbox *ngIf="accessTokenType?.value === OIDCTokenType.OIDC_TOKEN_TYPE_JWT" class="full-width"
                        formControlName="accessTokenRoleAssertion" color="primary">
                        {{'APP.OIDC.ACCESSTOKENROLEASSERTION' | translate}}</mat-checkbox>

--- a/console/src/assets/i18n/de.json
+++ b/console/src/assets/i18n/de.json
@ -907,7 +907,7 @@
      "SELECTGROUPTOOLTIP": "Wähle alle Rollen der Gruppe {{group}} aus.",
      "OPTIONS": "Optionen",
      "ASSERTION": "Rollen bei Authentisierung mitschicken",
-      "ASSERTION_DESCRIPTION": "Rolleninformationen werden der Authentisierung per Token, UserInfo Endpoint oder anderen Methoden bereitgestellt, die in Applikationseinstellungen definiert sind.",
+      "ASSERTION_DESCRIPTION": "Rolleninformationen werden auf dem UserInfo Endpoint oder je nach Applikationseinstellungen in Tokens oder anderen Methoden bereitgestellt.",
      "CHECK": "Rollen bei Authentisierung prüfen",
      "CHECK_DESCRIPTION": "Ist das Attribut gesetzt, kann ein Benutzer nur mit einem entsprechenden Rolle authentifiziert werden."
    },
@ -1172,9 +1172,9 @@
      "OVERVIEWSECTION": "Übersicht",
      "OVERVIEWTITLE": "Deine Konfiguration ist bereit. Du kannst sie hier nochmals prüfen.",
      "ACCESSTOKENROLEASSERTION": "Benutzerrollen dem Access Token hinzufügen",
-      "ACCESSTOKENROLEASSERTION_DESCRIPTION": "Bei Auswahl werden dem Access Token die Rollen des Authentifizierten Benutzers hinzugefügt.",
+      "ACCESSTOKENROLEASSERTION_DESCRIPTION": "Bei Auswahl werden dem Access Token die angeforderten Rollen des authentifizierten Benutzers hinzugefügt.",
      "IDTOKENROLEASSERTION": "Benutzerrollen im ID Token",
-      "IDTOKENROLEASSERTION_DESCRIPTION": "Bei Auswahl werden dem Id Token die Rollen des Authentifizierten Benutzers hinzugefügt.",
+      "IDTOKENROLEASSERTION_DESCRIPTION": "Bei Auswahl werden dem ID Token die angeforderten Rollen des authentifizierten Benutzers hinzugefügt.",
      "IDTOKENUSERINFOASSERTION": "User Info im ID Token",
      "IDTOKENUSERINFOASSERTION_DESCRIPTION": "Ermöglich OIDC clients claims von profile, email, phone und address direkt vom ID Token zu beziehen.",
      "CLOCKSKEW": "ermöglicht Clients, den Taktversatz von OP und Client zu verarbeiten. Die Dauer (0-5s) wird der exp addiert und von iats, auth_time und nbf abgezogen.",
--- a/console/src/assets/i18n/en.json
+++ b/console/src/assets/i18n/en.json
@ -908,8 +908,8 @@
      "CREATIONDATE": "Created",
      "SELECTGROUPTOOLTIP": "Select all Roles of the group {{group}}.",
      "OPTIONS": "Options",
-      "ASSERTION": "Assert Roles on Authentication.",
-      "ASSERTION_DESCRIPTION": "Roleinformation is sent as Token, Userinfo endpoint or other type, depending on your application settings.",
+      "ASSERTION": "Assert Roles on Authentication",
+      "ASSERTION_DESCRIPTION": "Role information is sent from Userinfo endpoint and depending on your application settings in tokens and other types.",
      "CHECK": "Check roles on Authentication",
      "CHECK_DESCRIPTION": "If set, users are only allowed to authenticate if any role is assigned to their account."
    },
@ -1175,9 +1175,9 @@
      "OVERVIEWSECTION": "Overview",
      "OVERVIEWTITLE": "You are now done. Review your configuration.",
      "ACCESSTOKENROLEASSERTION": "Add user roles to the access token",
-      "ACCESSTOKENROLEASSERTION_DESCRIPTION": "If selected, the roles of the authenticated user are added to the access token.",
+      "ACCESSTOKENROLEASSERTION_DESCRIPTION": "If selected, the requested roles of the authenticated user are added to the access token.",
      "IDTOKENROLEASSERTION": "User roles inside ID Token",
-      "IDTOKENROLEASSERTION_DESCRIPTION": "If selected, the roles of the authenticated user are added to the ID token.",
+      "IDTOKENROLEASSERTION_DESCRIPTION": "If selected, the requested roles of the authenticated user are added to the ID token.",
      "IDTOKENUSERINFOASSERTION": "User Info inside ID Token",
      "IDTOKENUSERINFOASSERTION_DESCRIPTION": "Enables clients to retrieve profile, email, phone and address claims from ID token.",
      "CLOCKSKEW": "Enables clients to handle clock skew of OP and client. The duration (0-5s) will be added to exp claim and subtracted from iats, auth_time and nbf.",
--- a/internal/project/repository/eventsourcing/model/api_config.go
+++ b/internal/project/repository/eventsourcing/model/api_config.go
@ -73,7 +73,7 @@ func (p *Project) appendChangeAPIConfigEvent(event *es_models.Event) error {
 	}

 	if i, a := GetApplication(p.Applications, config.AppID); a != nil {
-		if p.Applications[i].OIDCConfig == nil {
+		if p.Applications[i].APIConfig == nil {
 			return errors.ThrowInvalidArgument(nil, "MODEL-ADbsd", "api config is nil")
 		}
 		return p.Applications[i].APIConfig.setData(event)