Hello everyone wave I m trying the Ory cloud to make more pr Ory Community #ory-network

Hello everyone :wave: I’m trying the Ory cloud to...

gifted-leather-28437

03/08/2023, 11:07 AM

Hello everyone 👋 I’m trying the Ory cloud to make more progress with the auth flow, I’m using OIDC with Ory but I’m struggling to get the user’s groups memberships with the userinfo results. Now I’m getting this despite adding (group or groups to the requested scopes)

Copy code

{
    "amr": [
        "password"
    ],
    "aud": [
        "xxxxxx-4dc9-8094-7d4926d3350e"
    ],
    "auth_time": 1678204037,
    "email": "<mailto:mounir@domain.de|mounir@domain.de>",
    "email_verified": True,
    "iat": 1678204043,
    "iss": "https: //pedantic-kilby-s9jc724ku9.projects.oryapis.com",
    "rat": 1678204033,
    "sub": "zxxxxxxx-d186-4251-8369-xxxxxxx"
}

Those are the relationships defined in the UI (I set them using the CLI) I’m using the default permissions modelling/rules:

Copy code

import { Namespace, SubjectSet, Context } from "@ory/permission-namespace-types"

/*
Define your OPL rules here. Some examples:
*/
class User implements Namespace {
  related: {
    manager: User[]
  }
}

class Group implements Namespace {
  related: {
    members: (User | Group)[]
  }
}

class Folder implements Namespace {
  related: {
    parents: (File | Folder)[]
    viewers: SubjectSet<Group, "members">[]
  }

  permits = {
    view: (ctx: Context): boolean =>
      this.related.viewers.includes(ctx.subject) ||
      this.related.parents.traverse((p) => p.permits.view(ctx)),
  }
}

class File implements Namespace {
  related: {
    parents: (File | Folder)[]
    viewers: (User | SubjectSet<Group, "members">)[]
    owners: (User | SubjectSet<Group, "members">)[]
  }

  permits = {
    view: (ctx: Context): boolean =>
      this.related.parents.traverse((p) => p.permits.view(ctx)) ||
      this.related.viewers.includes(ctx.subject) ||
      this.related.owners.includes(ctx.subject),

    edit: (ctx: Context) => this.related.owners.includes(ctx.subject),
  }
}

thanks in advance 🙂

steep-lamp-91158

03/08/2023, 12:26 PM

Ory Network consists of all of our open source projects, and we are still working on wiring all of this up. Unfortunately this is currently not done automatically, but you would have to integrate this yourself.... however, an issue in github.com/ory/network would be appreciated so we can prioritize our work better 🙏

✅ 1

gifted-leather-28437

03/08/2023, 12:29 PM

Done: https://github.com/ory/network/issues/267

Open in Slack

Previous Next