jwtTokenManager does not add account properties other than roles
ujibang opened this issue · 1 comments
ujibang commented
The jwtTokenManager returns the account as a PwdCredentialAccount even if the MongoRealmAuthenticator or FileRealmAuthenticator are used.
These authenticators are able to hold more account properties that can be used in the ACL permissions.
Expected Behavior
The jwtTokenManager should be configurable to add selected properties to the signed token.
Current Behavior
The jwtTokenManager returns the account as a PwdCredentialAccount. This does not allow storing additional properties.
Context
If the ACL uses a predicate on a user property, such as:
{ "mongo": {
    "readFilter": { "tenants": { "_$exists": true, "$in": "@user.tenants" } }
  }
}
The predicate will fail because the property tenants is not available.
Environment
affected version: RESTHeart 7.1
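
The behaviour reported above, as an added example that is not part of the original issue and is not RESTHeart code: a token that carries only roles rebuilds an account for which `@user.tenants` cannot be resolved, while a token issued with an allow-list of account properties resolves it. The function names, the `include` allow-list, the demo key and the sample account are assumptions made for illustration, and a missing property is modelled as a `LookupError`.

```python
import base64, hashlib, hmac, json

KEY = b"constructed-demo-key"  # constructed value, not a real secret

def b64e(data: bytes) -> str:
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode()

def b64d(text: str) -> bytes:
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))

def sign(head: str, body: str) -> bytes:
    return hmac.new(KEY, f"{head}.{body}".encode(), hashlib.sha256).digest()

def issue_token(account: dict, include: tuple = ()) -> str:
    """HS256 JWT with roles plus only the allow-listed account properties."""
    claims = {"sub": account["_id"], "roles": account["roles"]}
    claims.update({p: account[p] for p in include if p in account})
    head = b64e(json.dumps({"alg": "HS256", "typ": "JWT"}).encode())
    body = b64e(json.dumps(claims).encode())
    return f"{head}.{body}.{b64e(sign(head, body))}"

def account_from_token(token: str) -> dict:
    """Verify the signature, then rebuild the account from the claims alone."""
    head, body, sig = token.split(".")
    if not hmac.compare_digest(sign(head, body), b64d(sig)):
        raise ValueError("bad signature")
    return json.loads(b64d(body))  # expiry checks omitted in this sketch

def resolve(node, account: dict):
    """Substitute "@user.<prop>"; a missing property fails the predicate."""
    if isinstance(node, dict):
        return {k: resolve(v, account) for k, v in node.items()}
    if isinstance(node, str) and node.startswith("@user."):
        prop = node[len("@user."):]
        if prop not in account:
            raise LookupError(f"account has no property {prop!r}")
        return account[prop]
    return node

READ_FILTER = {"tenants": {"_$exists": True, "$in": "@user.tenants"}}  # from the issue
ACCOUNT = {"_id": "alice", "roles": ["user"], "tenants": ["acme"]}  # constructed

if __name__ == "__main__":
    for props in ((), ("tenants",)):
        acct = account_from_token(issue_token(ACCOUNT, include=props))
        try:
            print(props, "->", resolve(READ_FILTER, acct))
        except LookupError as err:
            print(props, "-> predicate fails:", err)
```

Claims in a signed token are readable by whoever holds it and stay fixed until it expires, so the allow-list should carry only properties that are safe to disclose.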