...

The CoreOne Suite also supports context-aware resource assignments and permissions. This means that, in addition to simply possessing a permission such as a role_claim, the possession can carry a context. The context can be various things: for example, the permission is held for another user, or in the context of an organization or company.

A few examples:

  • John (1) has the permission to read his own taxes in the tax application → no user context of John

  • John (1) has the permission to read Sally's (3) taxes in the tax application → user context of Sally

  • John has the permission to read the taxes of ITSENSE (7) in the tax application → organizational context of ITSENSE

Permissions without a context, that is, in the context of the user himself, are published in the token's roles claim by default. Permissions with a context can be obtained by requesting the roles_with_context scope.

...

Code Block
 "roles_with_context": [
      "{ "Role": "Read Tax", "Context": [ { "ContextObjectType": "2", "ContextObjectIdentifier": "1" } ] }",
      "{ "Role": "Read Tax", "Context": [ { "ContextObjectType": "2", "ContextObjectIdentifier": "3" } ] }",
      "{ "Role": "Read Tax", "Context": [ { "ContextObjectType": "1", "ContextObjectIdentifier": "7" } ] }"
  ]

...

ContextObjectIdentifier The identifier of the context

roles_with_context_min

Info

This feature is available from version 9.1

Whenever you request the roles_with_context_min scope, the token is extended with a minified version of roles_with_context. The claim is named roles_with_context_min and contains the same data, just packed differently. The “Role” key becomes “r”, “Context” becomes “c”, “ContextObjectType” becomes “cot” and “ContextObjectIdentifier” becomes “coi”. Moreover, context bundles relating to the same role are packed together, so “c” is actually a collection of context bundles.

The previous example looks like this in the minified version:

Code Block
 "roles_with_context_min": [
      "{ "r": "Read Tax", "c": [[ { "cot": "2", "coi": "1" } ], [ { "cot": "2", "coi": "3" } ], [ { "cot": "1", "coi": "7" } ]] }"
  ]
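
A resource server that consumes the minified claim has to unpack it before making an authorization decision. The following is an added example, not CoreOne Suite code: it expands roles_with_context_min back into the roles_with_context shape and checks one role and context pair, denying on missing or malformed input. It assumes the token signature has already been verified, that each array entry is a JSON-encoded string (as the quoting above suggests), and that only single-object context bundles are matched; the function names are hypothetical.

```python
import json

# Constructed sample payload mirroring the example above. Assumption: each
# array entry is a JSON-encoded string, as the page's quoting suggests.
SAMPLE_CLAIMS = {"roles_with_context_min": [json.dumps({
    "r": "Read Tax",
    "c": [[{"cot": "2", "coi": "1"}], [{"cot": "2", "coi": "3"}],
          [{"cot": "1", "coi": "7"}]],
})]}

def _entry(raw):
    """Accept an entry as a JSON string or an already-decoded object."""
    obj = json.loads(raw) if isinstance(raw, str) else raw
    if not isinstance(obj, dict):
        raise ValueError("claim entry is not a JSON object")
    return obj

def expand_min(claims):
    """Unpack roles_with_context_min into roles_with_context-style dicts."""
    out = []
    for raw in claims.get("roles_with_context_min", []):
        e = _entry(raw)
        for bundle in e.get("c", []):  # one output entry per context bundle
            out.append({
                "Role": e["r"],
                "Context": [{"ContextObjectType": str(c["cot"]),
                             "ContextObjectIdentifier": str(c["coi"])}
                            for c in bundle],
            })
    return out

def is_permitted(claims, role, obj_type, obj_id):
    """True only if `role` is held in a bundle naming exactly this object.

    Assumption: how a bundle with several context objects combines is not
    described on the page, so such bundles never match here. Missing or
    malformed claims deny (fail closed).
    """
    try:
        grants = expand_min(claims)
    except (ValueError, KeyError, TypeError, AttributeError):
        return False
    want = {"ContextObjectType": str(obj_type),
            "ContextObjectIdentifier": str(obj_id)}
    return any(g["Role"] == role and g["Context"] == [want] for g in grants)
```

Comparing the type and the identifier together is what keeps user 7 and organization 7 from being confused with each other.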

Context Transformations

Info

This feature is available from version 8.0

...