Log In
11/03/2025
Offline
In the 6.5.3 part of the specification some details of how the OAuth2 services would integrate with OPCUA is described. However one important thing which is not discussed is:Suppose a user logs in and gets a claim token containing a list of roles. In those roles a few, dont exist in the role set of the current OPCUA server the user is trying to login to. How are those roles handled? How can an OPCUA server sync up its role set independently? I might be missing something but I dont see any reasonable way that the OPCUA server can sync up the role set independently using OAuth2. This makes it questionable what happens to those unknown roles in the claim token returned by the Authorization Service since its also not mentioned in the specification. Any help is appreciated. Again, I might be missing something here so, I would be glad to discover that a solution exists or could be found.With regards,
05/30/2017
Offline
The contents of the token are not directly related to the permissions/roles defined in any given server.
The mapping between information in a token and the local roles is defined by Part 18
https://reference.opcfoundatio.....docs/4.4.4
In this case, the server admin would set up mapping rules for the roles that actually appear in the token and the the roles it knows about.
1 Guest(s)
Usage Policy