IDAM-467 - updating the role to add claims

nice-digital · Nov 1, 2021 · 2e74809 · 2e74809 · NICE-TeamCity · Nov 1, 2021
1 parent 0856e00
commit 2e74809
Show file tree

Hide file tree

Showing 2 changed files with 8 additions and 17 deletions.
diff --git a/custom-pages/clients/Test apps.json b/custom-pages/clients/Test apps.json
@@ -15,7 +15,8 @@
   "client_id": "",
   "client_secret": "",
   "client_metadata": {	
-    "authorise_uri": ""	
+    "authorise_uri": "",
+    "role_issuers": ""
   },
   "jwt_configuration": {
     "alg": "RS256",

diff --git a/custom-pages/rules/Add roles to id token for nextjs client.js b/custom-pages/rules/Add roles to id token for nextjs client.js
@@ -12,6 +12,7 @@ function (user, context, callback) {
   } 
 
   let idTokenClaims = context.idToken || {};
+  let accessTokenClaims = context.accessToken || {};
 
   console.log("hitting the rule which to add roles to the id token - next js app found.");
 
@@ -52,35 +53,24 @@ function (user, context, callback) {
         throw new Error(error);
       }
 
-      console.log("response body received:");      
-      console.log(body);
       const claims = JSON.parse(body);
 
-      console.log("context:");
-      console.log(context);
-
       var applicationMetadata = context.clientMetadata;
 
       if (applicationMetadata && applicationMetadata.role_issuers){
 
         const role_issuers = applicationMetadata.role_issuers.split(',');
 
-        console.log(Array.isArray(claims));
-
-        console.log("issuers:");
-        console.log(role_issuers);
+        const roleType = "http://identity.nice.org.uk/claims/role";
 
-        const rolesToAdd = claims.filter(role => role.type === "http://identity.nice.org.uk/claims/role" && 
+        const rolesToAdd = claims.filter(role => role.type === roleType && 
                                                role_issuers.includes(role.issuer));
 
-        console.log("roles:");
-        console.log(rolesToAdd);
-
-        for (const roleToAdd of rolesToAdd) { 
-          idTokenClaims[roleToAdd.type] = roleToAdd.value; //todo: figure this out.
-        }
+        idTokenClaims[roleType] = rolesToAdd.map(r => r.value);
+        accessTokenClaims[roleType] = rolesToAdd.map(r => r.value);
 
         context.idToken = idTokenClaims;      
+        context.accessToken = accessTokenClaims;
       }      
 
       callback(null, user, context);