gitea/opengist
0
0
Fork 0
mirror of https://github.com/thomiceli/opengist.git synced 2025-07-09 17:38:04 +02:00
Code Issues Packages Projects Releases Wiki Activity

feat: read admin group from OIDC token claim (#445)

Browse Source
This commit is contained in:
Johannes Kirchner
2025-04-02 13:38:11 +02:00
committed by GitHub
parent 7907c7bc1e
commit 8cfaceb303
5 changed files with 59 additions and 7 deletions
Download Patch File Download Diff File Expand all files Collapse all files

17
docs/configuration/oauth-providers.md
View File

@ -76,4 +76,19 @@ Opengist can be configured to use OAuth to authenticate users, with GitHub, Gite
# Discovery endpoint of the OpenID provider. Generally something like http://auth.example.com/.well-known/openid-configuration
OG_OIDC_DISCOVERY_URL=http://auth.example.com/.well-known/openid-configuration
```
### OIDC Admin Group
OpenGist supports automatic admin privilege assignment based on OIDC group claims. To configure this feature:
```yaml
oidc.group-claim-name: groups # Name of the claim containing the groups
oidc.admin-group: admin-group-name # Name of the group that should receive admin rights
```
```shell
OG_OIDC_GROUP_CLAIM_NAME=groups
OG_OIDC_ADMIN_GROUP=admin-group-name
```
The `group-claim-name` must match the name of the claim in your JWT token that contains the groups.
Users who are members of the configured `admin-group` will automatically receive admin privileges in OpenGist. These privileges are synchronized on every login.