extra_scopes are always of type list
#457
Comments
|
I'm using https://github.com/UniversitaDellaCalabria/SATOSA-oidcop, and I opened an Issue there. However, it was recommended that this modification occurs in SATOSA and not in the plugin. For now we are doing this in the plugin: I was analyzing how to suggest this update to SATOSA, and I think it could be an alternative to put an identifier in |
|
You are right that this is happening atm. I agree with @ar-filho that this should be part of the information in the internal attributes, to specify rules for the multiplicity, the type, and even comparison options for the attributes. Doing this with a separate structure can work. Otherwise we need to extend the existing structure, but it breaks existing configurations. I think however, that we can allow to parse both the old and new format and push everyone to use the new format. The benefit of extending the existing structure is that we can ensure that the rules are in place for all attributes. With separate structure we need to find the corresponding entries or fallback to defaults. Inversely, the new structures can have more elements that the ones in the existing struct; what would that mean? It could be that we are introducing confusion and making the config more error prone by separating the structs. I am thinking about it. Any thoughts are welcome. |
Expected Behavior
extra_scopesMUST be definable to be of ANY type!I am checking the attributes sent from various OIDC-OPs, and all of the
satosainstances (eduTeams, didmos) show this problem. Most pressing is the fact that "string" type attributes are sent as a "list of strings", which is against the spec, of e.g.org_domain, orschac_home_organization. Clients my break.I theroy,
booltypeextra_scopesare possible, also "emptye list" too.Steps to Reproduce
See here: https://cvs.data.kit.edu/~naco/
The text was updated successfully, but these errors were encountered: