diff options
Diffstat (limited to 'keystone/common/authorization.py')
| -rw-r--r-- | keystone/common/authorization.py | 3 |
1 files changed, 3 insertions, 0 deletions
diff --git a/keystone/common/authorization.py b/keystone/common/authorization.py index 3d97b540b..7d324e101 100644 --- a/keystone/common/authorization.py +++ b/keystone/common/authorization.py @@ -34,6 +34,7 @@ It is a dictionary with the following attributes: * ``domain_id`` (optional): domain ID of the scoped domain if auth is domain-scoped * ``roles`` (optional): list of role names for the given scope +* ``group_ids``: list of group IDs for which the API user has membership """ @@ -81,6 +82,8 @@ def v3_token_to_auth_context(token): creds['roles'] = [] for role in token_data['roles']: creds['roles'].append(role['name']) + creds['group_ids'] = [ + g['id'] for g in token_data['user'].get('OS-FEDERATION:groups', [])] return creds |