If I am going to use Twitter OpenID authentication, do I still need to put all users into settings.js to give them their permissions? Is this correct, or do I miss something?
If I would set up my own OpenID Server (e.g. Keycloak), could I set up the permissions in the OpenID server for each user, and then I would not need to manual put users and permissions into settings.js?
My settings.js for Twitter looks like this, with the usernames and permissions included.
adminAuth: {
type:"strategy",
strategy: {
name: "twitter",
label: 'Sign in with Twitter',
icon:"fa-twitter",
strategy: require("passport-twitter").Strategy,
options: {
consumerKey: TWITTER_APP_CONSUMER_KEY,
consumerSecret: TWITTER_APP_CONSUMER_SECRET,
callbackURL: "http://[my host name here]/auth/strategy/callback",
verify: function(token, tokenSecret, profile, done) {
done(null, profile);
}
},
},
users: [
{ username: "Admin", permissions: ["*"]},
{ username: "UserA", permissions; ['Read']}
]
};
