fix: include Logto org scopes in OIDC config pushed to servers

Without urn:logto:scope:organizations and
urn:logto:scope:organization_roles in the additionalScopes, Logto
doesn't include organization role data in the Custom JWT context.
This caused the roles claim to be empty, so all OIDC users got
defaultRoles (VIEWER) instead of their org role (e.g. owner →
server:admin).

Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
This commit is contained in:
hsiegeln
2026-04-10 12:10:56 +02:00
parent e24c6da025
commit 9824d06824

@@ -143,7 +143,10 @@ public class VendorTenantService {
"displayNameClaim", "name", "displayNameClaim", "name",
"rolesClaim", "roles", "rolesClaim", "roles",
"audience", "https://api.cameleer.local", "audience", "https://api.cameleer.local",
"additionalScopes", List.of() "additionalScopes", List.of(
"urn:logto:scope:organizations",
"urn:logto:scope:organization_roles"
)
)); ));
log.info("Pushed OIDC config to server for tenant {}", tenant.getSlug()); log.info("Pushed OIDC config to server for tenant {}", tenant.getSlug());
} catch (Exception e) { } catch (Exception e) {
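Review bot: the two `urn:logto:scope:...` strings are inlined in the middle of the `Map.of`/`List.of` literal that builds the pushed OIDC config, with nothing explaining why they are required; consider lifting them into named constants on `VendorTenantService` (e.g. `LOGTO_ORG_SCOPES`) with a comment stating that without them Logto omits organization role data from the custom JWT and the `roles` claim comes back empty, so the next person editing this map does not drop them. Also note that this hunk only changes what is pushed from now on: a server that already received the config with `"additionalScopes", List.of()` keeps that empty list until this push path runs again for its tenant, and nothing visible here triggers that re-push, so either document that operators must re-trigger it or add it to the fix.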