This can be done in Keycloak, no need to manually do it here, add missing translation

2025-07-01 08:25:32 +02:00 · 2025-07-01 08:25:32 +02:00 · 5104a66cae
commit 5104a66cae
parent 7847ce4c1b
3 changed files with 2 additions and 50 deletions
--- a/API/Extensions/IdentityServiceExtensions.cs
+++ b/API/Extensions/IdentityServiceExtensions.cs
@ -97,8 +97,6 @@ public static class IdentityServiceExtensions

        if (Configuration.OidcEnabled)
        {
-            services.AddScoped<IClaimsTransformation, RolesClaimsTransformation>();
-
            // TODO: Investigate on how to make this not hardcoded at startup
            auth.AddJwtBearer(OpenIdConnect, options =>
            {
--- a/API/Helpers/RolesClaimsTransformation.cs
+++ b/API/Helpers/RolesClaimsTransformation.cs
@ -1,47 +0,0 @@
-using System.Collections.Generic;
-using System.Security.Claims;
-using System.Text.Json;
-using System.Text.Json.Serialization;
-using System.Threading.Tasks;
-using Kavita.Common;
-using Microsoft.AspNetCore.Authentication;
-
-namespace API.Helpers;
-
-/// <summary>
-/// Adds assigned roles from Keycloak under the default <see cref="ClaimTypes.Role"/> claim
-/// </summary>
-public class RolesClaimsTransformation: IClaimsTransformation
-{
-    private const string ResourceAccessClaim = "resource_access";
-    private string _clientId;
-
-    public Task<ClaimsPrincipal> TransformAsync(ClaimsPrincipal principal)
-    {
-        var resourceAccess = principal.FindFirst(ResourceAccessClaim);
-        if (resourceAccess == null) return Task.FromResult(principal);
-
-        var resources = JsonSerializer.Deserialize<Dictionary<string, Resource>>(resourceAccess.Value);
-        if (resources == null) return Task.FromResult(principal);
-
-        if (string.IsNullOrEmpty(_clientId))
-        {
-            _clientId = Configuration.OidcClientId;
-        }
-
-        var kavitaResource = resources.GetValueOrDefault(_clientId);
-        if (kavitaResource == null) return Task.FromResult(principal);
-
-        foreach (var role in kavitaResource.Roles)
-        {
-            ((ClaimsIdentity)principal.Identity)?.AddClaim(new Claim(ClaimTypes.Role, role));
-        }
-        return Task.FromResult(principal);
-    }
-
-    private sealed class Resource
-    {
-        [JsonPropertyName("roles")]
-        public IList<string> Roles { get; set; } = [];
-    }
-}
--- a/UI/Web/src/assets/langs/en.json
+++ b/UI/Web/src/assets/langs/en.json
@ -2460,7 +2460,8 @@
            "missing-email": "OpenID Connect provider did not return a valid email",
            "email-not-verified": "Your email must be verified to allow logging in via OpenID Connect",
            "no-account": "No matching account found",
-            "disabled-account": "This account is disabled, please contact an administrator"
+            "disabled-account": "This account is disabled, please contact an administrator",
+            "creating-user": "Failed to create a new user, please contact an administrator"
        }
    },