You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
First of all, thanks for all the work you did for this library.
In the app we're building with this package, we've run into a situation where we'd like to differentiate claims based on which client is authenticating (the same user may authenticate under different clients and needs different claims, in our case specifically, different access roles to the client. E.g. a user could be an admin in one client but only a user in the other).
As far as I can tell, there's no straight forward way to do this, seeing as the IdentityProvider interface only uses the user identifier from the access token.
Do you see a more straight forward way of doing this? Currently, I'm thinking I need to extend the IdTokenResponse and change the IdentityProvider::getUserEntityByIdentifier method to use the full AccessToken instead of just the user identifier, so we can get the client from the access token.
The text was updated successfully, but these errors were encountered:
First of all, thanks for all the work you did for this library.
In the app we're building with this package, we've run into a situation where we'd like to differentiate claims based on which client is authenticating (the same user may authenticate under different clients and needs different claims, in our case specifically, different access roles to the client. E.g. a user could be an admin in one client but only a user in the other).
As far as I can tell, there's no straight forward way to do this, seeing as the IdentityProvider interface only uses the user identifier from the access token.
Do you see a more straight forward way of doing this? Currently, I'm thinking I need to extend the IdTokenResponse and change the IdentityProvider::getUserEntityByIdentifier method to use the full AccessToken instead of just the user identifier, so we can get the client from the access token.
The text was updated successfully, but these errors were encountered: