Uploaded image for project: 'DataWolf'
  1. DataWolf
  2. WOLF-291

Authorization fails if X-Userinfo doesn't contain email address

    XMLWordPrintableJSON

Details

    • Icon: Bug Bug
    • Resolution: Fixed
    • Icon: Normal Normal
    • 4.5
    • None
    • Core
    • None

    Description

      For authorization, the X-Userinfo header is checking for email address to determine if a user is authorized; however, if a demo account is created in keycloak without an email address (only a username), then only a username will be present. We should simply check for "username" from the header since this covers both use cases (e.g. only a username or username and email address are the same).

       

      Similarly, IN-CORE passes in x-auth-userinfo header for the user information. We should add a check for this header and parse the user info from that.

      Gliffy Diagrams

        Attachments

          Activity

            People

              cnavarro Christopher Navarro
              cnavarro Christopher Navarro
              Votes:
              0 Vote for this issue
              Watchers:
              1 Start watching this issue

              Dates

                Created:
                Updated:
                Resolved:

                Time Tracking

                  Estimated:
                  Original Estimate - 2 hours
                  2h
                  Remaining:
                  Remaining Estimate - 2 hours
                  2h
                  Logged:
                  Time Spent - Not Specified
                  Not Specified

                  Tasks