feat: set groups based on OIDC claim (#5568)

Co-authored-by: Nicolas Giard <github@ngpixel.com>

feat: set groups based on OIDC claim (#5568)
91221e73 · Fionera · GitHub · 31bd3274 · 91221e73 · 91221e73
Unverified Commit 91221e73 authored Sep 06, 2022 by Fionera Committed by GitHub Sep 05, 2022
Show whitespace changes
Inline Side-by-side

Showing with 25 additions and 1 deletion

authentication.js server/modules/authentication/oidc/authentication.js +11 -0

definition.yml server/modules/authentication/oidc/definition.yml +14 -1

No files found.
--- a/server/modules/authentication/oidc/authentication.js
+++ b/server/modules/authentication/oidc/authentication.js
@@ -29,6 +29,17 @@ module.exports = {
              email: _.get(profile, '_json.' + conf.emailClaim)
            }
          })
+          if (conf.mapGroups) {
+            const groups = _.get(profile, '_json.' + conf.groupsClaim)
+            if (groups) {
+              const groupIDs = Object.values(WIKI.auth.groups)
+                .filter(g => groups.includes(g.name))
+                .map(g => g.id)
+              for (let groupID of groupIDs) {
+                await user.$relatedQuery('groups').relate(groupID)
+              }
+            }
+          }
          cb(null, user)
        } catch (err) {
          cb(err, null)

--- a/server/modules/authentication/oidc/definition.yml
+++ b/server/modules/authentication/oidc/definition.yml
@@ -49,8 +49,21 @@ props:
    default: email
    maxWidth: 500
    order: 7
+  mapGroups:
+    type: Boolean
+    title: Map Groups
+    hint: Map groups matching names from the groups claim value
+    default: false
+    order: 8
+  groupsClaim:
+    type: String
+    title: Groups Claim
+    hint: Field containing the group names
+    default: groups
+    maxWidth: 500
+    order: 9
  logoutURL:
    type: String
    title: Logout URL
    hint: (optional) Logout URL on the OAuth2 provider where the user will be redirected to complete the logout process.
-    order: 8
+    order: 10