Anand Kumar
Anand Kumar
Hi @KOTTIRAMSAI , Add the below configuration in the [property file](https://github.com/eclipse/hawkbit/blob/master/hawkbit-autoconfigure/src/main/resources/hawkbit-security-defaults.properties) ``` spring.security.oauth2.client.registration.oidc.client-id: spring.security.oauth2.client.registration.oidc.client-secret: spring.security.oauth2.client.registration.oidc.scope: openid,profile,email spring.security.oauth2.client.provider.oidc.issuer-uri: ```
Hi @KOTTIRAMSAI , You do not need any additional configuration to enable the OIDC. As soon as you have the OIDC configuration in properties file, it automatically enables this feature....
Hi @KOTTIRAMSAI You have to first assign the software module to distribution set (using drag and drop in Distributions page) in order to see the distribution sets in the deployment...
Hi @dennis-kuypers-gcx Hawkbit uses the authorities/claims from token to check the permissions to access the respective resources. I am afraid that you might need to adjust the code according to...
Hi @dennis-kuypers-gcx In regards of Hawkbit and according to the [OAuth concept](https://datatracker.ietf.org/doc/html/rfc6749#section-1.1): `Resource Owner` is an end user, `Resource server` is the Hawkbit resource API, `Client` is the Hawkbit UI...
Hi @dennis-kuypers-gcx , You are partially right here - "It looks like there are two OAuth access tokens thrown together (one against the hawkbit api and one against userinfo/OIDC)." Hawkbit...
Yes, It is a mix of Authentication and Authorization. Checking `id_token` can provide more flexibility for validating claims and yes, this could also be one way to solve your issue.
Hi @dennis-kuypers-gcx Feel free to propose the solution. We will review and also verify about the other additional factors if needed.