fix: role claims mapping (#5601)

* fix: role claims mapping * update oidc pkg * update oidc pkg
2025-05-28 03:08:22 +00:00 · 2023-04-04 14:36:39 +02:00 · 2023-04-04 14:36:39 +02:00 · 991a56341b
commit 991a56341b
parent d515e1a004
3 changed files with 9 additions and 13 deletions
--- a/go.mod
+++ b/go.mod
@ -57,7 +57,7 @@ require (
 	github.com/superseriousbusiness/exifremove v0.0.0-20210330092427-6acd27eac203
 	github.com/ttacon/libphonenumber v1.2.1
 	github.com/zitadel/logging v0.3.4
-	github.com/zitadel/oidc/v2 v2.2.1
+	github.com/zitadel/oidc/v2 v2.2.5
 	github.com/zitadel/saml v0.0.10
 	go.opentelemetry.io/contrib/instrumentation/google.golang.org/grpc/otelgrpc v0.27.0
 	go.opentelemetry.io/contrib/instrumentation/net/http/otelhttp v0.27.0
--- a/go.sum
+++ b/go.sum
@ -1141,8 +1141,8 @@ github.com/yuin/goldmark v1.4.13/go.mod h1:6yULJ656Px+3vBD8DxQVa3kxgyrAnzto9xy5t
 github.com/zenazn/goji v0.9.0/go.mod h1:7S9M489iMyHBNxwZnk9/EHS098H4/F6TATF2mIxtB1Q=
 github.com/zitadel/logging v0.3.4 h1:9hZsTjMMTE3X2LUi0xcF9Q9EdLo+FAezeu52ireBbHM=
 github.com/zitadel/logging v0.3.4/go.mod h1:aPpLQhE+v6ocNK0TWrBrd363hZ95KcI17Q1ixAQwZF0=
-github.com/zitadel/oidc/v2 v2.2.1 h1:3uaN7ERsP031MZqhqUNVyLlGB7seel/YJ0CUryjIGSQ=
-github.com/zitadel/oidc/v2 v2.2.1/go.mod h1:tGkj9lQk6KVj5hsM89XPadvi6I06666sMy3KtykvSFM=
+github.com/zitadel/oidc/v2 v2.2.5 h1:vxSVowLnvbujqmJRWsBxC7lCBZngrK0zVlQKznb4IxI=
+github.com/zitadel/oidc/v2 v2.2.5/go.mod h1:tGkj9lQk6KVj5hsM89XPadvi6I06666sMy3KtykvSFM=
 github.com/zitadel/saml v0.0.10 h1:cyKd78Vat9vz55S74lggJrXMSqbAPsnJDrPFTPScNYY=
 github.com/zitadel/saml v0.0.10/go.mod h1:Hze1/zRN9j1uh7U+89vweP/OwLNO8BLHg3zU1Jtycdg=
 github.com/ziutek/mymysql v1.5.4/go.mod h1:LMSpPZ6DbqWFxNCHW77HeMg9I646SAhApZ/wKdgO/C0=
--- a/internal/api/oidc/client.go
+++ b/internal/api/oidc/client.go
@ -804,21 +804,17 @@ func (p *projectsRoles) Add(projectID, roleKey, orgID, domain string, isRequeste

 // projectRoles contains the roles of a project of multiple organisations
 //
-// key is the role key
-type projectRoles map[string][]projectRole
+// key of the first map is the role key,
+// key of the second map is the org id, value the org domain
+type projectRoles map[string]map[string]string

 func (p projectRoles) Add(roleKey, orgID, domain string) {
-	if len(p[roleKey]) == 0 {
-		p[roleKey] = make([]projectRole, 0, 1)
+	if p[roleKey] == nil {
+		p[roleKey] = make(map[string]string, 1)
 	}
-	p[roleKey] = append(p[roleKey], projectRole{orgID: domain})
+	p[roleKey][orgID] = domain
 }

-// projectRole contains all the organisations where a user is granted a certain role
-//
-// key is the org id, value the org domain
-type projectRole map[string]string
-
 func getGender(gender domain.Gender) oidc.Gender {
 	switch gender {
 	case domain.GenderFemale: