Feature: Restrict OIDC login by claim #2626

Open
fzakfeld opened this issue Dec 13, 2024 · 0 comments

Related to

Web-Backend (APIs), Configuration

Impact

nice to have

Missing Feature

Currently all users of a configured OIDC provider can log in, and users are created automatically. It should be possible to only let OIDC users through when they have a specific claim, e.g. a role or group.

Implementation

If the claims look like this:

{
    "username": "foo",
    "groups": ["semaphore", "otherapp"]
}

Then I'd like to check if the "groups" claim contains "semaphore".

Design

Thinking about a config option with a Go Template which does the evaluation. This would be a flexible way of checking for specific strings, a string in a list, etc.
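One way such a template-based claim check could behave, as an added example that is not part of the issue and not the project's own code. The names `claimAllowed` and `has`, and the convention that the rule must render exactly `true`, are assumptions; the check fails closed and matches group names exactly rather than by substring.

```go
package main

import (
	"bytes"
	"encoding/json"
	"fmt"
	"strings"
	"text/template"
)

// has (hypothetical helper) reports whether claim, a JSON array or a single string, contains want exactly.
func has(claim any, want string) bool {
	switch v := claim.(type) {
	case string:
		return v == want
	case []any:
		for _, e := range v {
			if s, ok := e.(string); ok && s == want {
				return true
			}
		}
	}
	return false
}

// claimAllowed (hypothetical name) evaluates rule against the decoded OIDC claims.
// Fails closed: a parse error, a missing claim or any output other than "true" denies login.
func claimAllowed(rule string, claimsJSON []byte) (bool, error) {
	var claims map[string]any
	if err := json.Unmarshal(claimsJSON, &claims); err != nil {
		return false, err
	}
	t, err := template.New("rule").Funcs(template.FuncMap{"has": has}).
		Option("missingkey=error").Parse(rule)
	if err != nil {
		return false, err
	}
	var out bytes.Buffer
	if err := t.Execute(&out, claims); err != nil {
		return false, err
	}
	return strings.TrimSpace(out.String()) == "true", nil
}

func main() {
	claims := []byte(`{"username": "foo", "groups": ["semaphore", "otherapp"]}`) // claims from the issue text
	ok, err := claimAllowed(`{{ has .groups "semaphore" }}`, claims)
	fmt.Println(ok, err)
}
```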
