Properly figure out and document how JWT auth should work exactly (especially for editor button) #600
Comments
LukasKalbertodt
added
kind:improvement
needs:decision
|
For the uploader and Studio, this is less of a problem as configuring fixed roles on the OC side is fine. But for editor, Tobira needs to communicate "this person can edit event XY" to Opencast. This does not currently happen. The reason the editor button currently works at all is because by sending the username, Opencast loads the roles it has saved for said username. But if Opencast does not know about that user at all, then the Editor will only show a "you cannot edit this event" error. To improve anything on this front, things need to happen in Opencast. Specifically: opencast/opencast#5056 And generally, it would also be nice to have opencast/opencast#5334 figured out, to use a standard solution from the start, instead of something custom. (This information is not new, but I noticed that it wasn't written down anywhere in this repository) |
LukasKalbertodt
changed the title
JWT auth for uploader (and soon studio and editor) is working. However, it's a bit unclear how exactly roles are passed along. Currently we instruct people to configure Opencast in a way that lets people use these tools above. However, it would make sense for Tobira to send the user's roles along and Opencast to accept those?
Also what about the user ID? Is that always the same between Tobira and OC?
All this stuff should be figured out.
The text was updated successfully, but these errors were encountered: