directus-extension-openid-roles v1.0.0

Directus OpenID Roles

Map client roles from OpenID access tokens directly to Directus roles.

Install

npm install directus-extension-oidc-roles

1. Ensure that you have an openid SSO provider configured. See docker-compose.yaml for an example.
2. Within your Directus client in your SSO provider (e.g. keycloak), create client roles (not realm roles) that mirror the names of your role names within Directus (e.g. Administrator).
   • NOTE: Users within Directus can only be assigned one role, so behavior with multiple client roles assigned is not deterministic.
   • You can use AUTH_<PROVIDER>_CLAIM_NAME in case you'd prefer to use a custom claim mapping. By default, it uses resource_access.${AUTH_KEYCLOAK_CLIENT_ID}.roles.