Oauth backend extending extra_scope_source

[brunomedeirosdedalus]

Hi all,

Maybe I am wrong, but as far as I know 'extra_scope_source' only allows to be set to simple strings. Would it be worth it to extend this functionality to allow basic nested structure for example (from Keycloak) realm_access.roles this would allow mapping the RabbitMQ scopes to keycloak realm roles. The JWT structure:

  "realm_access": {
    "roles": [
      "lol",
  },

[michaelklishin]

On the Keycloak-specific code path, perhaps. I don't know if every Keycloak user would want that behavior, though.

[brunomedeirosdedalus]

Yes, that is true; I use it more as an example

[brunomedeirosdedalus]

The Keycloak was an example, the idea is to build something more generic to avoid:

    Payload2 = case maps:is_key(<<"authorization">>, Payload1) of
        true  -> post_process_payload_in_keycloak_format(Payload1);

If it is expressive enough then we can avoid having to explicitly dealt with cases like the aforementioned. For example, the user could map the extra_scope_source to 'authorization.permissions' and would automatically work for the aforementioned use case.

Just an idea, I would not mind spending something time and contributing with that if you feel that it is worth it.