User Claims Manager based on the AAC API. Allows for creating defining claims for a specific users and services. It is possible to manage only the custom claims of the services the signed in user has access to. The association of claims is based on the username (email). The form for the claim definition is generated automatically, based on the claim definitions (i.e, cardinality and type).
Prepare dependencies, compile and hot-reload for development, compiles and minifies for production
npm install
npm run serve
npm run build
The Claim Manager requires the AAC instance up and running. The configuration (see corresponding .env files) requires reference to the AAC endpoint and the client ID for the implicit authorization flow. The corresponding client app requires the following scopes enabled:
openid
andprofile
for basic information about the signed in userservicemanagement.me
for accessing the available service listclaimmanagement.me
for managing claims of AAC users
User Claims Manager based on the AAC API. Allows for creating defining claims for a specific users and services. It is possible to manage only the custom claims of the services the signed in user has access to. The association of claims is based on the username (email). The form for the claim definition is generated automatically, based on the claim definitions (i.e, cardinality and type).
Prepare dependencies, compile and hot-reload for development, compiles and minifies for production
npm install
npm run serve
npm run build
The Claim Manager requires the AAC instance up and running. The configuration (see corresponding .env files) requires reference to the AAC endpoint and the client ID for the implicit authorization flow. The corresponding client app requires the following scopes enabled:
openid
andprofile
for basic information about the signed in userservicemanagement.me
for accessing the available service listclaimmanagement.me
for managing claims of AAC users
The scenario makes reference to a situation, where a custom resource (e.g., a new application or a service), needs to manage abd access specific user attributes without necessarily storing them internally. An example of such a situation is a new application, where some user may have some application-specific previleges to perform certain operations. To avoid creating a management console, where these users will be associated with these custom role-like properties, it is possible to use AAC to store these properties as custom claims.
The scenario, therefore, consists of the following steps:
- Defining a new service model with the corresponding claims and scopes. Using AAC management console, the developer should create a new service definition and declare the necessary claims. For example, assuming a new servce
myService
and a necessity to manage specific access level property that contains a list of actions the end user may perform on the service, it is necessary to declare anaccesslevel
claim of type string array. - Within the same definition, it is also necessary to declare a scope, e.g.,
accesslevel.me
and associate it to theuser
type and to the above scope. In this way, to retrieve the access level of the authorized user it will be necessary for the user to grant the corresponding scope permission to the 3rd part apps accessing the service. - Configure the claim
accesslevel
for the user of interest throught the claim management console. The access to the claim management console for themyService
service is available to the same user that has created the service definition (or, following the AAC role model, has access to the same service context). - If the end user is authenticated with AAC and the client requests the access to the
accesslevel.me
scope, the custo user claim will be available as a part of the emitted JWT token claims. Otherwise, it is possible to read the information about the claims of the user through AAC Custom User Claim API.