OIDC Integration - How to assign user to tenant with gRPC

sp193 · December 24, 2023, 4:21pm

From what I understand about the OIDC feature, I need to assign the newly-created user to an organization/tenant. This is supposed to be done from the registration callback (registration_callback_url).

I tried two ways:

TenantServiceGrpc, with TenantUser containing the desired tenant ID and the user_id value provided as the query parameter to the registration callback. I get an error from Chirpstack that the object (with the user ID) doesn’t exist. After I fail this API call, Chirpstack logs that it deleted the user with the exact same ID.
UserServiceGrpc, to set the User’s isAdmin flag to true. The e-mail address is obtained by reading the user from UserServiceGrpc and creating a new User:
User user = User.newBuilder(theUser).setIsAdmin(true).build();
This procedure completes, but the user created doesn’t have the same visibility as the global “admin” user. Since there’s no way to set the tenant ID, I assumed that it’s a global admin user that I created.

How am I supposed to assign the user to a tenant? Or if it’s possible to create an admin user (that’s okay for my purposes too), how do I do it correctly?

Thank you in advance.

sp193 · December 27, 2023, 8:13am

I believe it is a bug in Chirpstack v4, as there seems to be a missing clause in the code, whereby Chirpstack v3 would once re-read the user after the provisioning API is called. As documented in this part of Chirpstack v3, it is done just in case the user was updated by the provisioning API.

Either it gets fixed or maybe I will someday make a PR to fix this. Although I do software development for a living, Rust is a foreign language to me at this point.

system · March 26, 2024, 8:14am

This topic was automatically closed 90 days after the last reply. New replies are no longer allowed.