External Identity Providers - Groups/Teams Assignments #4349
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
Changes
This PR addresses a couple of issues related to loading of roles and teams with external identity providers (Okta, Auth0). Basically, the following two properties should now work as expected. More details below.
1.
groups
Field Now Taken Into ConsiderationPrior to this PR, setting Identity roles via the
groups
property would not be handled. Onlygroup
was working, which was with 5.40 marked as deprecated.2. Programatically Created Roles Now Work
Prior to this PR, trying to assign roles that were defined programatically did not work. This has now been addressed.
3. Ability To Assign Teams
Assigning teams to identities was not possible already for some time. This has now finally been taken care of.
Extra Changes
Was trying to avoid any bigger refactors, but ultimately, was not able to avoid it.
Now, both Okta and Auth0 use a single authorizer created via the
createGroupsTeamsAuthorizer
factory.Previously, we had two separate authorizers, one within each package, which were basically the same. Or at least they should've been. Comparing the two revealed that the code wasn't the same and that the behaviour of these authorizers isn't the same, but should've been.
How Has This Been Tested?
Manually.
Documentation
Changelog.