-
Notifications
You must be signed in to change notification settings - Fork 58
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Support groups info through OIDC #2788
Comments
@FrostyX has took a look on what group support in Fedora OIDC, and so far no success, work in progress. |
Hi, @FrostyX @praiskup , we have some experience on {
"sub": "user123",
"name": "John Doe",
"email": "[email protected]",
"groups": [
"dev-utils",
"eBPF",
"kernel"
]
} Im trying to find a way to let |
seems lepture/authlib#549 will works like a charm |
I think we should wait Fedora guys to finish their OIDC adaptation, the #2836 works well in openEuler now :) |
As we have a basic support for OIDC, there's another feature we need so that we do not lost any functions when switching to OIDC.
Copr should have ability to fetch user's group info from Idp.
As
group info
is not covered by OIDC spec, but most of OIDC providers(etc google/auth0) support custom claimI also talk to openEuler infra team, they can add the a group scope in the OIDC provider but i have no idea what fedora OIDC provider can do.
So here's my idea: add a config item: OIDC_type(such as: google/openEuler/fedora. etc), for each type, we can have a specified impl to grab the group info
Now i'd like hear from you and what you say about this proposal :)
The text was updated successfully, but these errors were encountered: