I’m new to Corteza, and while reading the documentation, I saw that it’s possible to create contextual role expressions. I currently have a Corteza instance where users can log in using an external OIDC provider, and it’s working fine. However, I’d like to create a role where users can only see items that share the same organisationID as theirs. To achieve this, I need to access the claims from the access token. Is it possible to do this using contextual roles? Something like:
The token you get from Corteza API is not the one the OIDC provided – it’s an internal JWT.
At the moment, you also can’t access the access token in this way (not sure when/if we’d support this).
For this use-case, allowing some extra/custom values on the user object might be easier. What do you think?
What I’m trying to do, as I’m not able to get the claims, is to have a pre-filled relationship table relating userID to organisationID. In a workflow that runs before login, I’m able to get this relation now. I’m searching for a way to filter every record so that resource.values.organisationID == the orgID I get in the workflow. Can I do it in the workflow itself?