Token based authentication
-
Hi, in your documentation here: https://jsreport.net/learn/authentication you're asking for feedback regarding the implementation of token based authentication.
While the authentication itself works fine for me (in my setup with keycloak as authorization server), it appears that the only way to use this is that I have to create users in jsreport first (in order to assign read/edit permissions on resources).
It would be way more useful for my setup if if was possible to assign permissions based on user roles; I have many users which are identified by keycloak and duplicating/managing all those users on jsreport does not seem feasible nor reasonable.
It would be great if I could define roles on jsreport, such as "editor", "viewer", "author" etc; assign resource permissions to those roles, and then define and assign those roles to users on keycloak, and jsreport would then grant access to any user having those roles accordingly, without the need to create individual users on jsreport.
Is this in any way possible maybe using an extension? Thanks in advance.
-
hi @dbaldes
thanks for the feedback.
While the authentication itself works fine for me (in my setup with keycloak as authorization server), it appears that the only way to use this is that I have to create users in jsreport first (in order to assign read/edit permissions on resources).
It would be way more useful for my setup if if was possible to assign permissions based on user roles; I have many users which are identified by keycloak and duplicating/managing all those users on jsreport does not seem feasible nor reasonable.yes, I think the same, duplicating the users is not great. this was our first implementation and we have not received so much feedback since we released it, but this is changing now because this is the second time we receive feedback about the token-based authentication, so we will make sure to discuss this and plan something, i have opened an issue about this, you can follow that issue to watch the progress about.
Is this in any way possible maybe using an extension? Thanks in advance.
this is not possible at the moment, however, everything is almost possible with an extension, just that we have not prepared something related yet, so you can build one if you get to understand how the authentication works in jsreport.
-
Thanks for the update. I will follow the issue.