Fix OIDC federated users are not able to get scopes even though prope…

…r role mapping configurations are added Improve the code base
wso2-extensions · Jan 2, 2024 · 3eaed0d · 3eaed0d
1 parent d750fdb
commit 3eaed0d
Show file tree

Hide file tree

Showing 2 changed files with 6 additions and 0 deletions.
diff --git a/...on.identity.oauth/src/main/java/org/wso2/carbon/identity/oauth2/Oauth2ScopeConstants.java b/...on.identity.oauth/src/main/java/org/wso2/carbon/identity/oauth2/Oauth2ScopeConstants.java
@@ -36,6 +36,7 @@ public class Oauth2ScopeConstants {
     public static final String INTERNAL_SCOPE_PREFIX = "internal_";
     public static final String INTERNAL_ORG_SCOPE_PREFIX = "internal_org_";
     public static final String CORRELATION_ID_MDC = "Correlation-ID";
+    public static final String INTERNAL_ROLE_PREFIX = "INTERNAL/";
 
     /**
      * Enums for error messages.

diff --git a/...org/wso2/carbon/identity/oauth2/validators/JDBCPermissionBasedInternalScopeValidator.java b/...org/wso2/carbon/identity/oauth2/validators/JDBCPermissionBasedInternalScopeValidator.java
@@ -68,6 +68,7 @@
 import java.util.regex.Pattern;
 import java.util.stream.Collectors;
 
+import static org.wso2.carbon.identity.oauth2.Oauth2ScopeConstants.INTERNAL_ROLE_PREFIX;
 import static org.wso2.carbon.identity.oauth2.Oauth2ScopeConstants.SYSTEM_SCOPE;
 import static org.wso2.carbon.identity.oauth2.util.OAuth2Util.getRolesFromFederatedUserAttributes;
 
@@ -303,8 +304,12 @@ private String[] getAllowedResourcesForNotAssociatedFederatedUser(AuthenticatedU
         if (CollectionUtils.isNotEmpty(valuesOfGroups)) {
             for (RoleMapping roleMapping : identityProvider.getPermissionAndRoleConfig().getRoleMappings()) {
                 if (roleMapping != null && roleMapping.getLocalRole() != null) {
+                    String internalRoleName =  INTERNAL_ROLE_PREFIX + roleMapping.getLocalRole().getLocalRoleName();
                     if (valuesOfGroups.contains(roleMapping.getLocalRole().getLocalRoleName())) {
                         userRolesList.add(roleMapping.getLocalRole().getLocalRoleName());
+                    } else if (StringUtils.isNotBlank(roleMapping.getLocalRole().getUserStoreId()) &&
+                            valuesOfGroups.contains(internalRoleName)) {
+                        userRolesList.add(internalRoleName);
                     }
                 }
             }