@d-led d-led commented Dec 15, 2023

Problem

As an admin of an Etherpad deployment, I might not be able to map custom claims, as these are controlled by the larger organization.

Solution

If I manage to map a custom role into the roles claim (e.g. in MS/Azure/Entra ID), these will appear in the roles claim of the token:

"roles": [
  "etherpad_is_admin"
]

This change adds the possibility to set the user property, e.g. is_admin, to true based on the presence of the configured string in the roles claim:

"is_admin": {"role": "etherpad_is_admin"},

Test

Sorry, there's no automatic test as of now; however, if you can configure the authority to either provide the role or not, visiting the admin page as a test should suffice.

Expected Behavior

If configured as above, and no other users configuration is present, then access to the Admin panel should be forbidden for users that don't have that role in the roles claim.

Dependencies

Also upgraded dependencies:

before:

ep_openid_connect % npm outdated 
Package        Current  Wanted  Latest  Location                    Depended by
oidc-provider    8.4.5  7.14.3   8.4.5  node_modules/oidc-provider  ep_openid_connect
typescript       4.9.5   4.9.5   5.3.3  node_modules/typescript     ep_openid_connect

after:

ep_openid_connect % npm outdated
Package     Current  Wanted  Latest  Location                 Depended by
typescript    4.9.5   4.9.5   5.3.3  node_modules/typescript  ep_openid_connect
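
Added example, not part of the pull request or of ep_openid_connect's code: a sketch of how a role-to-property rule like the one in the description can be evaluated so that it fails closed. The function name `propertiesFromRoles`, the sample claims, and the choice to set the property to an explicit `false` when the role is absent are assumptions made for illustration.

```javascript
// Hypothetical helper, not taken from ep_openid_connect. `propertyConfig` uses the
// shape shown in the PR description; `claims` is the already-verified token payload.
function propertiesFromRoles(propertyConfig, claims) {
  // Fail closed: only an array counts as a roles claim. A bare string is rejected
  // because String.prototype.includes() would also match substrings of a role.
  const raw = claims != null && Array.isArray(claims.roles) ? claims.roles : [];
  const granted = new Set(raw.filter((r) => typeof r === 'string'));
  const props = {};
  for (const [name, rule] of Object.entries(propertyConfig)) {
    // Skip entries that are not role rules (assumption: other rule kinds are
    // handled elsewhere).
    if (rule == null || typeof rule.role !== 'string' || rule.role === '') continue;
    props[name] = granted.has(rule.role); // exact, case-sensitive match
  }
  return props;
}

// Constructed sample inputs.
const config = {is_admin: {role: 'etherpad_is_admin'}};
const samples = {
  hasRole: {sub: 'alice', roles: ['etherpad_is_admin']},
  otherRole: {sub: 'bob', roles: ['etherpad_is_admin_readonly']},
  stringClaim: {sub: 'carol', roles: 'not_etherpad_is_admin'},
  noClaim: {sub: 'dave'},
};
for (const [label, claims] of Object.entries(samples)) {
  console.log(label, propertiesFromRoles(config, claims));
}
```

Only the first sample yields `is_admin: true`; a similarly named role, a string-typed claim and a missing claim all yield `false`.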

@d-led d-led changed the title from "Feature: set user property via roles claim" to "Add setting user property via the roles claim" Dec 15, 2023
@d-led d-led changed the title from "Add setting user property via the roles claim" to "Add setting user property via the roles claim" Dec 15, 2023
@d-led d-led marked this pull request as draft January 25, 2024 16:54
@d-led d-led marked this pull request as ready for review January 25, 2024 18:10
@d-led d-led marked this pull request as draft February 29, 2024 11:26

d-led commented Feb 29, 2024

Additional problems: upgrading the dependencies changes Ajv's validation logic, which then fails.

@morgenroth

This is a neat solution! I tested it against Keycloak with success. Thanks!

The alternative using Script Mapper mentioned in #44 did not work for me. Script Mappers are no longer available in the UI of Keycloak.

Please merge this PR, it is definitely needed.

@d-led d-led marked this pull request as ready for review May 7, 2025 14:14

makefu commented Dec 31, 2025

Hi, I'd also love to see this merged.
