Merge pull request #2652 from ShanChathusanda93/authorized-impr-branch
Improve user authorization check when accessing org is different from resident org
ShanChathusanda93 authored Jan 23, 2025
2 parents e9d1095 + 4b205a4 commit f4caedd
Showing 1 changed file with 7 additions and 1 deletion.
Expand Up @@ -255,7 +255,13 @@ public static boolean isUserAuthorized(AuthenticatedUser authenticatedUser, List

// Application id is not required for basic authentication flow.
List<String> roleIds = getUserRoles(authenticatedUser, null);
List<String> permissions = getAssociatedScopesForRoles(roleIds, authenticatedUser.getTenantDomain());
String tenantDomain = authenticatedUser.getTenantDomain();
if (StringUtils.isNotBlank(authenticatedUser.getAccessingOrganization()) &&
!authenticatedUser.getAccessingOrganization().
equals(authenticatedUser.getUserResidentOrganization())) {
tenantDomain = getAccessingTenantDomain(authenticatedUser);
}
List<String> permissions = getAssociatedScopesForRoles(roleIds, tenantDomain);
if (OAuthServerConfiguration.getInstance().isUseLegacyPermissionAccessForUserBasedAuth()) {
// Handling backward compatibility for previous access level.
List<String> internalScopes = getInternalScopes(authenticatedUser.getTenantDomain());
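Review bot: The legacy branch on the last line of the hunk still calls `getInternalScopes(authenticatedUser.getTenantDomain())`, so with `isUseLegacyPermissionAccessForUserBasedAuth()` enabled the role permissions are resolved in the accessing organization's tenant while the internal scopes come from the resident tenant. If that mix is not intended, the line should read `List<String> internalScopes = getInternalScopes(tenantDomain);`; if it is intended, a comment such as `// Internal scopes are deliberately resolved in the user's resident tenant.` would stop a later reader from treating it as an oversight. The hunk also does not show what `getAccessingTenantDomain(authenticatedUser)` returns when the organization cannot be resolved; the authorization check should deny in that case rather than pass a null or blank tenant domain to `getAssociatedScopesForRoles`, which is worth confirming in the helper. `isUserAuthorized` starts and ends outside the hunk, so how `internalScopes` is used afterwards is not visible here.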