From: Krzysztof B. <kb...@un...> - 2016-12-20 22:46:02
Jan,

On 20.12.2016 at 15:45, Jan Wielemaker wrote:
> I see how it works now. The docs give "Endpoint type", you can look
> that up in conf/unityServer.conf and then you add the "exposed paths".
> Great.

Correct.

> I get through the `code` flow now. But ... Even though I ask for the
> `profile` scope, I configured that and set cn and email for the test
> user, I get no scope attributes :( I get
>
> from POST /oauth2/token:
>
> - access_token: ...
> - token_type: "Bearer"
>
> From GET /oauth2/userinfo:
>
> - sub: ...

There are a couple of things that you could have misconfigured. The most common problem at the beginning is the fact that Unity has group-scoped attributes. Therefore, when you configure OAuth scopes for your endpoint, make sure that you define the attributes for users in the group which is set as the users group in the OAuth endpoint configuration. The key config settings:

  unity.oauth2.as.usersGroup=/someGroup
  unity.oauth2.as.scopes.1.name=foo
  unity.oauth2.as.scopes.1.description=Provides access to foo info
  unity.oauth2.as.scopes.1.attributes.1=cn
  unity.oauth2.as.scopes.1.attributes.2=o

With the above config you have to set the cn and o attributes in the group /someGroup for each user. Otherwise the attributes won't be exposed by the endpoint.

> If I log in with google, the token endpoint gives me an attribute
> token_id, which is a JWT string that gives me the scope attributes.
>
> Almost there (I think) ...
>
> Thanks --- Jan
>
> P.s. Possibly related, I added the email and cn attributes to the
> user through the admin/admin interface. After login as the
> test user I had expected to see these attributes, but nope.
> Is that expected?

Is the question about what you see in the Home (profile) endpoint? If so, you have to set which attributes are shown in the HomeUI. You can do this in the endpoint's config, e.g.:

  unity.userhome.attributes.1.attribute=cn
  unity.userhome.attributes.1.group=/
  unity.userhome.attributes.1.showGroup=true
  unity.userhome.attributes.1.editable=true

Note that editable=true will work only for attributes which are globally set (in the attribute type settings) as self-modifiable.

Best,
Krzysztof
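The group-scoping rule in the reply above (a scope only exposes attributes that the user holds in the group named by unity.oauth2.as.usersGroup) is easy to trip over when attributes were added in "/" through the admin UI. The following is an added example, not code from the post or from the Unity project: it parses a unity.oauth2.as.* fragment, then predicts which claims the token/userinfo endpoint would hand out for a given user and which scope attributes are stranded in another group. The "profile" scope, the sample user, and the rule that a missing usersGroup means "/" are all constructed assumptions for the example; consult the real endpoint configuration and Unity docs for the authoritative behaviour.

```python
"""
Added example (not from the mailing-list post or from Unity itself).
Encodes the rule stated in the reply: Unity attributes are group-scoped, so an
OAuth scope only exposes attribute values that the user holds in the group
configured as unity.oauth2.as.usersGroup. Everything else is an assumption
made for illustration.
"""
import re
from collections import defaultdict

# Constructed config fragment: the keys quoted in the reply plus an assumed
# second scope named "profile" (not taken from any real deployment).
CONFIG = """
unity.oauth2.as.usersGroup=/someGroup
unity.oauth2.as.scopes.1.name=foo
unity.oauth2.as.scopes.1.description=Provides access to foo info
unity.oauth2.as.scopes.1.attributes.1=cn
unity.oauth2.as.scopes.1.attributes.2=o
unity.oauth2.as.scopes.2.name=profile
unity.oauth2.as.scopes.2.description=Basic profile
unity.oauth2.as.scopes.2.attributes.1=cn
unity.oauth2.as.scopes.2.attributes.2=email
"""

SCOPE_RE = re.compile(r"^unity\.oauth2\.as\.scopes\.(\d+)\.(name|attributes\.(\d+))$")


def parse_properties(text):
    """Minimal key=value parser for a properties-style fragment."""
    props = {}
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        key, _, value = line.partition("=")
        props[key.strip()] = value.strip()
    return props


def scopes_from_config(props):
    """Return (users_group, {scope_name: [attribute names in index order]})."""
    names = {}
    attrs = defaultdict(dict)
    for key, value in props.items():
        m = SCOPE_RE.match(key)
        if not m:
            continue
        idx = int(m.group(1))
        if m.group(2) == "name":
            names[idx] = value
        else:
            attrs[idx][int(m.group(3))] = value
    scopes = {name: [attrs[i][n] for n in sorted(attrs[i])] for i, name in names.items()}
    # Assumption for the example: treat a missing usersGroup as the root group.
    return props.get("unity.oauth2.as.usersGroup", "/"), scopes


def exposed_attributes(props, user_attrs, requested_scopes):
    """
    user_attrs: {group: {attribute: value}} -- what the user holds, per group.
    Returns (claims, missing): the claims the endpoint would release, and a
    list of (scope, attribute, users_group, groups_where_it_is_set) for every
    scope attribute the user does not hold in the users group.
    """
    users_group, scopes = scopes_from_config(props)
    in_group = user_attrs.get(users_group, {})
    claims, missing = {}, []
    for scope in requested_scopes:
        for attr in scopes.get(scope, []):
            if attr in in_group:
                claims[attr] = in_group[attr]
            else:
                elsewhere = [g for g, a in user_attrs.items() if attr in a]
                missing.append((scope, attr, users_group, elsewhere))
    return claims, missing


if __name__ == "__main__":
    props = parse_properties(CONFIG)
    # Constructed test user: cn/email were set in "/" via the admin UI,
    # only "o" lives in /someGroup -- the situation described in the thread.
    user = {"/": {"cn": "Jan", "email": "jan@example.org"},
            "/someGroup": {"o": "Example Org"}}
    claims, missing = exposed_attributes(props, user, ["profile"])
    print("claims released:", claims)
    for scope, attr, group, elsewhere in missing:
        print(f"scope {scope!r}: attribute {attr!r} is not set in {group}; "
              f"found only in {elsewhere or 'no group'}")
```

Running it with the constructed user shows an empty claim set for `profile`, with cn and email reported as present only in "/"; moving those two attributes into /someGroup (or pointing usersGroup at "/") makes them appear.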