Added OIDC group sync functionality #3616

ssddanbrown · 2022-08-02T16:01:48Z

Is generally aligned with out SAML2 group sync functionality, but for OIDC based upon feedback in #3004.
Needed the tangential addition of being able to define custom scopes on the initial auth request as some systems use this to provide additional id token claims such as groups.

Includes tests to cover.
Tested live using Okta.

Docs Updates

Need to document group syncing completely.
Need to document the use of OIDC_ADDITIONAL_SCOPES, and it's format (comma separated string).
Need to document behaviour of default registration role (Used when remove_from_groups option is active). Same as OIDC/LDAP behaviour.

Is generally aligned with out SAML2 group sync functionality, but for OIDC based upon feedback in #3004. Neeeded the tangental addition of being able to define custom scopes on the initial auth request as some systems use this to provide additional id token claims such as groups. Includes tests to cover. Tested live using Okta.

ssddanbrown added 📖 Docs Update 🏭 Back-End 🚪 Authentication labels Aug 2, 2022

ssddanbrown added this to the Next Feature Release milestone Aug 2, 2022

ssddanbrown self-assigned this Aug 2, 2022

ssddanbrown mentioned this pull request Aug 2, 2022

OIDC Group Sync #3004

Closed

ssddanbrown merged commit 401c156 into development Aug 25, 2022

ssddanbrown deleted the oidc_group_sync branch August 25, 2022 10:17

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Uh oh!

Uh oh!

Added OIDC group sync functionality #3616

Added OIDC group sync functionality #3616

Uh oh!

ssddanbrown commented Aug 2, 2022

Uh oh!

Uh oh!

Uh oh!

Added OIDC group sync functionality #3616

Added OIDC group sync functionality #3616

Uh oh!

Conversation

ssddanbrown commented Aug 2, 2022

Docs Updates

Uh oh!

Uh oh!