You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
The concrete problem I am trying to solve is to only allow access to my services to users that are in predetermined servers (guilds).
Describe what you'd like Logto to have
After obtaining accessToken, you can make an additional request to retrive the users' guilds if the guilds scope is present: (config.scope ?? defaultScope).split(" ").includes("guilds").
Storing this in the users' extra data field could allow for mapping groups per server (for instance, only allowing access to some services if the user is part of a certain guild). This way, you could safely expose a service behind LogTo and oauth2-proxy, but only allow users in a particular server to actually become authorized.
That said, I am not sure if LogTo actually has a mapping system like that though... Still, I think this would be quite useful!
Thank you and kind regards,
Ingwie
The text was updated successfully, but these errors were encountered:
Hi @IngwiePhoenix, thank you for your detailed feedback and for sharing your use case. This is a great suggestion, and we’ll definitely consider it for future improvements.
In the meantime, we’d also welcome any code contributions if you’d like to help implement this feature. Feel free to open a pull request or discuss further in the repository.
What problem did you meet?
While playing around with a demo instance outside my cluster, I tested the Discord connector and found that it obtained and returned everything I asked. Except for the guilds, since this is an additional request. So I looked for this feature in the connector's code here: https://github.com/logto-io/logto/blob/master/packages/connectors/connector-discord/src/index.ts#L90-L141
The concrete problem I am trying to solve is to only allow access to my services to users that are in predetermined servers (guilds).
Describe what you'd like Logto to have
After obtaining
accessToken
, you can make an additional request to retrive the users' guilds if theguilds
scope is present:(config.scope ?? defaultScope).split(" ").includes("guilds")
.Storing this in the users' extra data field could allow for mapping groups per server (for instance, only allowing access to some services if the user is part of a certain guild). This way, you could safely expose a service behind LogTo and oauth2-proxy, but only allow users in a particular server to actually become authorized.
That said, I am not sure if LogTo actually has a mapping system like that though... Still, I think this would be quite useful!
Thank you and kind regards,
Ingwie
The text was updated successfully, but these errors were encountered: