author | Nico Schieder <Nico.schieder@gmail.com> | 2021-10-22 11:19:24 +0200 |
---|---|---|
committer | GitHub <noreply@github.com> | 2021-10-22 17:19:24 +0800 |
commit | 870f5fbc4146110be37c28e670e57568d3db3288 (patch) | |
tree | 69d2f6989030c459094d51bfc2798af6ae092ee0 /services | |
parent | af96286f2254c1e073394aae0f18b132f07b38ad (diff) | |
download | gitea-870f5fbc4146110be37c28e670e57568d3db3288.tar.gz gitea-870f5fbc4146110be37c28e670e57568d3db3288.zip |
Add groups scope/claim to OIDC/OAuth2 Provider (#17367)
* Add groups scope/claim to OIDC/OAuth2
Add support for groups claim as part of the OIDC/OAuth2 flow.
Groups is a list of "org" and "org:team" strings to allow clients to
authorize based on the groups a user is part of.
Signed-off-by: Nico Schieder <code@nico-schieder.de>
Co-authored-by: zeripath <art27@cantab.net>
Co-authored-by: wxiaoguang <wxiaoguang@gmail.com>
Diffstat (limited to 'services')
-rw-r--r-- | services/auth/source/oauth2/token.go | 3 |
1 files changed, 3 insertions, 0 deletions
diff --git a/services/auth/source/oauth2/token.go b/services/auth/source/oauth2/token.go index 16d1220842..0c7c5d8caa 100644 --- a/services/auth/source/oauth2/token.go +++ b/services/auth/source/oauth2/token.go @@ -83,6 +83,9 @@ type OIDCToken struct { // Scope email Email string `json:"email,omitempty"` EmailVerified bool `json:"email_verified,omitempty"` + + // Groups are generated by organization and team names + Groups []string `json:"groups,omitempty"` } // SignToken signs an id_token with the (symmetric) client secret key |
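Review bot: The comment on the new `Groups` field in `OIDCToken` does not say which scope gates the claim or what its entries look like. The neighbouring fields sit under a `// Scope email` header, so a matching `// Scope groups` header would keep the struct consistent, and the comment could state the "org" and "org:team" entry format from the commit message so that client authors know exactly what strings they are authorizing on. Because the tag is `json:"groups,omitempty"`, a nil or empty slice drops the claim from the id_token entirely instead of emitting an empty list. It is worth documenting that relying parties must treat a missing `groups` claim as no group membership.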