Summary:

The code changes in this pull request appear to be an update to the role-scope-mappings.json file, which defines the permissions and roles for the Jans Auth Server application. The key changes include the addition of new permissions related to session management and read-only access to configuration data, as well as the granting of these new permissions to the api-admin role.

From an application security perspective, these changes suggest that the application is expanding its administrative capabilities, particularly around user session management and access to configuration data. It's important to ensure that these new permissions are granted only to the necessary roles and that the application's access control mechanisms are properly implemented and tested to prevent unauthorized access or abuse. Additionally, it's recommended to review the existing permissions and roles to ensure that the least-privilege principle is being followed, and that users are granted only the minimum permissions required to perform their tasks.

Files Changed:

• jans-linux-setup/jans_setup/templates/jans-auth/role-scope-mappings.json: This file has been updated to include the following changes:
  • New permissions added:
    • https://jans.io/oauth/jans-auth-server/session.delete: Allows deleting user sessions.
    • revoke_session: Allows revoking user sessions.
    • https://jans.io/oauth/config/data.readonly: Allows read-only access to configuration data.
  • Role permissions changes:
    • The api-admin role has been granted the new session.delete and revoke_session permissions, which allow for more extensive control over user sessions.
    • The api-admin role has also been granted the new data.readonly permission, which provides read-only access to the application's configuration data.