OpenID Connect group claim support
#337
Labels
Comments
|
How standard is it? Any use-cases other than nextcloud? |
|
nextcloud-oidc-login is not a usecase for yii, it is an example of a OIDC client that handles a group claim. There is no actual standard (RFC or whatever) but a strong convention among the OIDC players. However as there is no standard, the different identity providers use different claims to communicate the groups a user belongs to. This is why I suggest adding a configuration option so one can choose the right claim in which to read the user groups. |
samdark
added
status:ready for adoption
|
Sounds alright. Have time for a pull request? |
|
Not in a near future, but I would be OK to tackle this. |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
I suggest reading the groups a user belongs to from a
groupclaim in the user JWT.There is currently no standard around a OIDC
groupclaim, but this can be done with a configuration parameter to chose which claim should be used. This is how nextcloud-oidc-login handles it, for instance.What do you think? Would you accept such a patch?
The text was updated successfully, but these errors were encountered: