Authentication
Older versions of DAMAP made hardcoded assumptions about how your login server worked. Version 5.0.0 gives you full control, but this means you must explicitly map your configuration settings to the new format.
Every attribute related to user identity must now be explicitly defined in your environment variables (the previous approach of using `application.yml` is being deprecated). Please update your configuration by replacing the old attributes with the new ones and adding the required new fields:
| Old Attribute (v4.x) | New Attribute (v5.0.0) - Env Variable | What it means |
|---|---|---|
| `damap.auth.backend.url` | `DAMAP_QUARKUS_OIDC_AUTH_SERVER_URL` | The address the backend uses to verify user logins. |
| `damap.auth.backend.client` | `DAMAP_QUARKUS_OIDC_CLIENT_ID` | The application's registered ID on your login server. |
| `damap.auth.frontend.url` | `DAMAP_QUARKUS_OIDC_TOKEN_ISSUER` | The trusted source that issues the login tokens and the address the frontend redirects users to for login. |
| `damap.auth.user` | `DAMAP_AUTH_USER_ID_CLAIM` | Tells DAMAP which field holds the user's unique login ID. |
| (None - previously hardcoded) | `DAMAP_AUTH_EMAIL_CLAIM` | You must now explicitly state which field holds the user's email address. |
| (None - previously hardcoded) | `DAMAP_AUTH_NAME_CLAIM` | You must now explicitly state which field holds the user's full display name. |
| (None - previously hardcoded) | `DAMAP_AUTH_GIVEN_NAME_CLAIM` | You must now explicitly state which field holds the user's first name. |
| (None - previously hardcoded) | `DAMAP_AUTH_FAMILY_NAME_CLAIM` | You must now explicitly state which field holds the user's last name. |
| (None - previously hardcoded) | `DAMAP_AUTH_AFFILIATIONS_CLAIM` | You must now explicitly state which field holds the user's institutional affiliation (e.g., whether they are a researcher at University A). This is only needed in a multitenant setup. |
| (None - previously hardcoded) | `DAMAP_AUTH_USER_ROLES_CLAIM_PATH` | The location in the access token where DAMAP can find the user's system roles (like admin rights). |
| (None - previously hardcoded) | `DAMAP_AUTH_ADMIN_ROLE_NAME` | The exact name of the role that gives a user full administrator privileges over the DAMAP instance. |
| (None - previously hardcoded) | `DAMAP_AUTH_SCOPE` | A list of permissions DAMAP asks for during login so it can read the user's basic profile information. |
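
A pre-deployment check for the migration described above, as an added example that is not part of DAMAP itself: it reports which v5.0.0 variables are unset or blank and, for the four renamed ones, which v4.x value can be carried over. The function name, the `multitenant` flag, and the choice to treat every variable except the affiliations claim as required are assumptions of this sketch.

```python
import os

# v4.x property -> v5.0.0 environment variable (taken from the table above).
RENAMED = {
    "damap.auth.backend.url": "DAMAP_QUARKUS_OIDC_AUTH_SERVER_URL",
    "damap.auth.backend.client": "DAMAP_QUARKUS_OIDC_CLIENT_ID",
    "damap.auth.frontend.url": "DAMAP_QUARKUS_OIDC_TOKEN_ISSUER",
    "damap.auth.user": "DAMAP_AUTH_USER_ID_CLAIM",
}
# Variables with no v4.x equivalent (previously hardcoded).
NEW_ONLY = [
    "DAMAP_AUTH_EMAIL_CLAIM",
    "DAMAP_AUTH_NAME_CLAIM",
    "DAMAP_AUTH_GIVEN_NAME_CLAIM",
    "DAMAP_AUTH_FAMILY_NAME_CLAIM",
    "DAMAP_AUTH_USER_ROLES_CLAIM_PATH",
    "DAMAP_AUTH_ADMIN_ROLE_NAME",
    "DAMAP_AUTH_SCOPE",
]
# Only needed in a multitenant setup, per the table.
MULTITENANT_ONLY = "DAMAP_AUTH_AFFILIATIONS_CLAIM"


def check_auth_env(env, old_props=None, multitenant=False):
    """Return (missing, suggestions) for a mapping of environment variables.

    missing     -- required variables that are unset or whitespace-only
    suggestions -- missing renamed variables mapped to the v4.x value
                   found in old_props (a flat dict of application.yml keys)
    """
    old_props = old_props or {}
    required = list(RENAMED.values()) + NEW_ONLY
    if multitenant:
        required.append(MULTITENANT_ONLY)
    missing = [name for name in required if not env.get(name, "").strip()]
    suggestions = {
        new: old_props[old]
        for old, new in RENAMED.items()
        if new in missing and old in old_props
    }
    return missing, suggestions


if __name__ == "__main__":
    missing, _ = check_auth_env(dict(os.environ))
    for name in missing:
        print(f"unset or blank: {name}")
    raise SystemExit(1 if missing else 0)
```

Running the check before the application starts catches a blank `DAMAP_AUTH_ADMIN_ROLE_NAME` or `DAMAP_AUTH_USER_ROLES_CLAIM_PATH`, the two settings that decide who receives administrator rights.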