From b37edc8ba9791d55bca09acaa463528b7a755073 Mon Sep 17 00:00:00 2001
From: Richard Nemeth
Date: Sat, 14 Dec 2024 13:41:27 +0100
Subject: [PATCH] fix: check uma permissions with resource ID as well
---
 src/keycloak/keycloak_openid.py | 28 ++++++++++++++--------------
 1 file changed, 14 insertions(+), 14 deletions(-)
diff --git a/src/keycloak/keycloak_openid.py b/src/keycloak/keycloak_openid.py
index a40c55c..30670a4 100644
--- a/src/keycloak/keycloak_openid.py
+++ b/src/keycloak/keycloak_openid.py
@@ -803,13 +803,13 @@ class KeycloakOpenID:
 raise
 for resource_struct in granted:
- resource = resource_struct["rsname"]
- scopes = resource_struct.get("scopes", None)
- if not scopes:
- needed.discard(resource)
- continue
- for scope in scopes: # pragma: no cover
- needed.discard("{}#{}".format(resource, scope))
+ for resource in (resource_struct["rsname"], resource_struct["rsid"]):
+ scopes = resource_struct.get("scopes", None)
+ if not scopes:
+ needed.discard(resource)
+ continue
+ for scope in scopes: # pragma: no cover
+ needed.discard("{}#{}".format(resource, scope))
 return AuthStatus(
 is_logged_in=True, is_authorized=len(needed) == 0, missing_permissions=needed
@@ -1469,13 +1469,13 @@ class KeycloakOpenID:
 raise
 for resource_struct in granted:
- resource = resource_struct["rsname"]
- scopes = resource_struct.get("scopes", None)
- if not scopes:
- needed.discard(resource)
- continue
- for scope in scopes: # pragma: no cover
- needed.discard("{}#{}".format(resource, scope))
+ for resource in (resource_struct["rsname"], resource_struct["rsid"]):
+ scopes = resource_struct.get("scopes", None)
+ if not scopes:
+ needed.discard(resource)
+ continue
+ for scope in scopes: # pragma: no cover
+ needed.discard("{}#{}".format(resource, scope))
 return AuthStatus(
 is_logged_in=True, is_authorized=len(needed) == 0, missing_permissions=needed
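Review bot: The rewritten loop in the hunk at line 803 clears an entry of `needed` when it equals the `rsname` or the `rsid` of any granted resource, so names and IDs are matched in one flat namespace and `is_authorized` follows only from `needed` ending up empty; if resource names can be set by a less-trusted party than the one assigning IDs (not visible here), a name that equals another resource's ID would satisfy a requirement written against that ID. It is worth documenting the accepted forms next to the loop, e.g. `# permissions may reference a resource by name or by ID; both are matched against the same needed set`, and confirming that `granted` only ever contains resources that were actually requested. The scope branch is still marked `# pragma: no cover` and the diffstat shows no test file, so the new ID path of an authorization decision appears unexercised; a test with a scoped grant referenced by `rsid` would let the pragma be dropped. `scopes = resource_struct.get("scopes")` does not depend on `resource` and can move above the inner `for`. All of this applies equally to the identical hunk at line 1469; both enclosing methods start and end outside the hunks.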