I am using Okta C# sdk for development. I have created some custom user profile attributes in the Okta. I am able to create user and save values in custom attributes.
But as I saw that when you update profile data you have to provide all the details again. If you provide specific attributes value then sets null for other attributes. So how can I update only one or two attributes so that other should not change.
Dinesh.
You can use a POST /users/:id if you want to make a partial update. Make sure not to use a PUT for this operation else you will wipe out the remaining values that are not in the Request
Related
When we initially import users into Okta via our SCIM test app, attributes like name and roles are set correctly in Okta. This appears to be configured here in the "To Okta" provisioning settings:
With the list of attributes and action to apply here:
Roles isn't listed here as an attribute, but they are part of the core schema and are imported if supplied by our SCIM app.
It looks like we can only apply these attributes on the initial create? If you edit the various attributes you'll see:
The "Create and update" option is greyed out. So it seems that you can only set attributes with the initial create. Is there some other way to update Okta with changes made in our internal system?
I created a multi-tenant application where each tenant have different set of users. I am trying to implement a functionality where same user might exist in different tenants. Does outsystems provide such functionality or I have to create my custom logic ?
Right now, I did create a user having same username in 2 different tenants and during login I am showing user to select tenants. But on changing tenants and logging to that tenant, the environment doesn't switch to that tenant that user has selected.
Below is the image of the logic of switching tenants and logging in the customer.
During debugging I saw that after executing TenantSwitch action it did change the Site.TenantID property but after User_Login action is reverted to the first tenant not the one user selected.
When you use User_Login(), the system will log you in the first Tenant it finds in the DB that has that username, thus ignoring your TenantSwitch().
So, if you want to login to a specific Tenant in your case, you need to be more explicit and instead use the Login() action - after the tenant switch.
For a thorough explanation of this, with example code, please check out the following deepdive Master Class on Multi-Tenancy starting around the 27:20 minute mark.
This isn't available out of the box as OutSystems assigns users (and all entities) to a specific tenant. Entities belonging to single tenanted modules are assigned to the default tenant.
OutSystems uses a hidden .Tenant_Id attribute on each entity to indicate which tenant that user belongs to. You can unhide this attribute for the users entity by selecting it, clicking More... and then ticking the relevant box in the Advanced tab. You can then access the attribute directly, but be aware this will hinder OutSystems' ability to do some of the stuff it does automatically to ensure that you access tenant specific data.
When you use the User_Login action OutSystems will deduce which tenant to use from the User.Tenant_Id attribute regardless of which tenant you've switched it to previously. The user would need an account for each tenant they need to use, but there's no reason this couldn't be done behind the scenes with OS fetching the correct username before logging in. You'd need to ensure they all stay in sync though, especially the passwords ofc.
I'm using Lambda functions, executed via API Gateway using a Cognito User Pool Authorizer.
I know I can get the "standard" user attributes (like sub, email, cognito:username, etc.) from event.requestContext.authorizer.claims.
But this does not include custom user attributes (like custom:myAttribute).
I know I can get them via adminGetUser, and this works, but I wonder whether I can save this call and somehow get those custom attributes automatically in the event?
Have you already looked at this doc for custom claims?
https://docs.aws.amazon.com/apigateway/latest/developerguide/apigateway-enable-cognito-user-pool.html.
You will need to define context in following manner for custom attributes:
{
"context" : {
"role" : "$context.authorizer.claims['custom:myAttribute']"
}
}
After you add a custom attribute to a Cognito user pool and assign a value to it for a user there are a couple of reasons why it won't appear in the requestContext.authorizer.claims collection.
The first and most obvious is that you need to make the custom attribute readable via the app client you use to generate the ID token you are authenticating with. If you are using the AWS console this is done by navigating to App Clients -> Show Details -> Set attribute read and write permissions then tick the attribute(s) you want to make visible to your Lambda.
The second reason for your attribute not appearing, even if you have completed the first step, is that the user's claims are encoded in the ID token you generate. This means that if you're using an ID token created before making the attribute(s) readable you still won't see them. The solution to this is to just generate a new ID token for your user at which point you should see the attributes in your Lambda's request context.
From Dynamic Selection Of JsonView in Spring MVC Controller, I understand that you can annotate controllers using #JsonView(...) and also return MappingJacksonValue with the serialization view specified from within the method. Is there a way to globally & dynamically select the serialization view based on the currently logged-in principal? I couldn't use the solution from the linked article because the object, that I wanted to serialized with dynamically different views, is nested inside a list.
To be a little more specific, my use case is: a logged-in user can view other user account details, but cannot view specific attributes like e-mail, circle of friends, etc. unless they are viewing their own account or are already friends with that user. I want to globally be sure that the currently logged-in user cannot view attributes that they are not entitled to by the other user.
Thank you in advance!
I want to add a feature to my spring roo project. I have an user entity that logs into the application and adds additional users.
When I add those users there is an email adress(field) on which I want to send the validation with additional link to activating the account. Also the user has a field that represents if he or she has an active profile in a way is it possible to log in or not - this field needs to change after I click the provided link in the email.
I already have an velocity templates and everything set up, I just need the process of forming that link and assuring that the user will have an active account after clicking on it.
I solved this using a REST call and Spring Security. When the user first signs up, you create the UserDetails object (mine was in a DB table), but set it as not enabled before you save it (there are 4 booleans in the UserDetails object you can manipulate to enable/disable the user in various ways that Spring Security checks). I also stored a UUID code I generated off the user id in a table, and then generated an email which included a link to the REST service to validate the account.
The REST service was simple. The user clicks the link, which would include the UUID code I generated. You could optionally require them to enter some number or do something here as another authentication step, but in my case I simply looked up the UUID to get the associated UserDetails, flipped the bit to enabled and saved it, and sent them to a page saying their account was now active. I then did something like in this post to auto-login the user.