Staging instance, all changes can be removed at any time

Skip to content

django: Add keycloak realm roles in user permissions set

Keycloak also allow to define user roles at realm level to define permissions at a global level not tight to a client.

Include these extra roles in the user permissions set from the decoded token content.

As a consequence, some parameters of the keycloak_oidc_factory function got renamed, this will break swh-deposit and swh-web tests but I will push diffs to fix that (D5579, D5580)

Related to swh-web#3213 (closed)


Migrated from D5578 (view on Phabricator)

Merge request reports

Loading