|
|
@@ -143,9 +143,9 @@ async def exchange_code(request_data: ExchangeCodeRequest, db: AsyncSession = De
|
|
|
# 处理角色映射
|
|
|
logger.info(f"[exchange-code] 处理角色映射: sso_roles={sso_roles}")
|
|
|
SSO_ROLE_MAPPING = {
|
|
|
- "label_admin": "admin",
|
|
|
- "annotator": "annotator",
|
|
|
- "viewer": "viewer",
|
|
|
+ "ann_sys_admin": "admin",
|
|
|
+ "ann_operator": "annotator",
|
|
|
+ "ann_viewer": "viewer",
|
|
|
"标注管理员": "admin",
|
|
|
"标注员": "annotator",
|
|
|
"查看者": "viewer",
|
|
|
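Review bot: Removing `label_admin`, `annotator` and `viewer` from `SSO_ROLE_MAPPING` in the same step that adds the `ann_*` codes leaves no transition period. An identity provider that still sends the old codes will now reach the unmapped-role path, which lies outside this hunk. Since this table decides who becomes `admin`, that path should grant nothing and log the unknown code, not fall back to a default role. A comment above the dict would record the contract, for example `# Keys must equal the role codes the SSO issues for this client; unmapped codes grant no role`. Defining the mapping once at module level (or in configuration) instead of inside `exchange_code` would also make it easier to audit.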
@@ -215,6 +215,7 @@ async def exchange_code(request_data: ExchangeCodeRequest, db: AsyncSession = De
|
|
|
"email": user.email or "",
|
|
|
"is_superuser": user.is_superuser,
|
|
|
"roles": user_roles,
|
|
|
+ "client_id": sso_client_id,
|
|
|
}
|
|
|
access_token = create_access_token(access_payload)
|
|
|
|
|
|
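Review bot: The new `"client_id": sso_client_id` claim is only as trustworthy as `sso_client_id`, whose assignment is outside this hunk. If it is read from the request body, it should first be checked against the client the authorization code was issued to, because downstream code will likely treat the claim as proof of which client holds the token. The refresh payload built just below is not fully visible, so it is worth confirming that access tokens minted on refresh carry the same claim. A short comment on the added line would make the intent explicit, for example `# validated SSO client the code was issued to, not the raw request value`.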
@@ -224,8 +225,10 @@ async def exchange_code(request_data: ExchangeCodeRequest, db: AsyncSession = De
|
|
|
}
|
|
|
refresh_token = create_access_token(refresh_payload)
|
|
|
|
|
|
- # 存储 token 到 Redis
|
|
|
+ # 存储 token 到 Redis(admin 通道)
|
|
|
rtm.store_access_token(access_token, access_payload)
|
|
|
+ # 同时存储 OAuth 通道 key,使 /oauth/userinfo 端点能验证该 token
|
|
|
+ rtm.store_oauth_access_token(access_token, sso_client_id, str(user.id))
|
|
|
rtm.store_refresh_token(refresh_token, str(user.id))
|
|
|
|
|
|
# ========== 步骤5:返回结果 ==========
|
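Review bot: The added `rtm.store_oauth_access_token(access_token, sso_client_id, str(user.id))` makes one token valid on two channels, so logout and revocation now have to delete both Redis keys. Nothing in this hunk shows the OAuth-channel key being removed or given the same expiry as the admin-channel key. If only the admin key is cleared, `/oauth/userinfo` may keep accepting a token the user believes is revoked. The two writes are also independent, so a failure of the second leaves a token that works on one channel only; checking the result or storing both keys in one pipeline would avoid that. I would add a comment such as `# OAuth-channel key: same TTL as the access token, must be deleted wherever the admin-channel key is`, and confirm that the refresh path registers its new access token the same way.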