SoftInstigate/restheart

jwtTokenManager does not add account properties other than roles

ujibang opened this issue · 1 comments

The jwtTokenManager returns the account as a PwdCredentialAccount even if the MongoRealmAuthenticator or FileRealmAuthenticator are used.

These authenticators are able to hold more account properties that can be used in the ACL permissions.

Expected Behavior

The jwtTokenManager should be configurable to add selected properties to the signed token.

Current Behavior

The jwtTokenManager returns the account as a PwdCredentialAccount. This does not allow storing additional properties.

Context

If the ACL uses a predicate on a user property, such as:

{
  "mongo": {
    "readFilter": { "tenants": { "_$exists": true, "$in": "@user.tenants" } }
  }
}

The predicate will fail because the property tenants is not available.

Environment

affected version: RESTHeart 7.1

fixed by 23ae157

will be in 7.4
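
The failure described in this issue, reproduced as an added Python sketch (not RESTHeart code and not part of the original thread): a token that carries only roles cannot satisfy the "@user.tenants" predicate, while a token issued with an allow-list of account properties can. The function names, the HS256 secret, the sample account and the fail-closed behaviour on a missing property are assumptions made for illustration.

```python
import base64, hashlib, hmac, json

SECRET = b"constructed-demo-secret"  # constructed value, not a real key
ACCOUNT = {"_id": "alice", "roles": ["user"], "tenants": ["acme", "globex"]}  # constructed
READ_FILTER = {"tenants": {"_$exists": True, "$in": "@user.tenants"}}  # from the issue

def b64url(data: bytes) -> str:
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode()

def sign(signing_input: str) -> str:
    return b64url(hmac.new(SECRET, signing_input.encode(), hashlib.sha256).digest())

def issue_token(account: dict, extra_claims=()) -> str:
    """Sign an HS256 JWT with sub and roles plus allow-listed account properties."""
    claims = {"sub": account["_id"], "roles": account["roles"]}
    for name in extra_claims:  # explicit allow-list: never copy the whole account
        if name in account:
            claims[name] = account[name]
    header = b64url(json.dumps({"alg": "HS256", "typ": "JWT"}).encode())
    body = b64url(json.dumps(claims).encode())
    return f"{header}.{body}.{sign(header + '.' + body)}"

def account_from_token(token: str) -> dict:
    """Verify the signature, then rebuild the account from the claims alone."""
    header, body, sig = token.split(".")
    if not hmac.compare_digest(sign(header + "." + body), sig):
        raise ValueError("bad signature")
    return json.loads(base64.urlsafe_b64decode(body + "=" * (-len(body) % 4)))

def resolve_filter(node, user: dict):
    """Substitute "@user.<prop>" values; fail closed when the property is absent."""
    if isinstance(node, dict):
        return {key: resolve_filter(value, user) for key, value in node.items()}
    if isinstance(node, str) and node.startswith("@user."):
        prop = node[len("@user."):]
        if prop not in user:
            raise KeyError(f"account has no property {prop!r}")
        return user[prop]
    return node

if __name__ == "__main__":
    with_tenants = account_from_token(issue_token(ACCOUNT, extra_claims=("tenants",)))
    print(resolve_filter(READ_FILTER, with_tenants))
    roles_only = account_from_token(issue_token(ACCOUNT))
    try:
        resolve_filter(READ_FILTER, roles_only)
    except KeyError as err:
        print("predicate fails:", err)
```

A JWT payload is signed but not encrypted, so any property added to the token is readable by whoever holds it; the allow-list should name only the properties the ACL needs.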