Lissy93 / dashy

🚀 A self-hostable personal dashboard built for you. Includes status-checking, widgets, themes, icon packs, a UI editor and tons more!
https://dashy.to
MIT License

[QUESTION] OIDC User and Group Admin differentiation #1675

Open dasunsrule32 opened 4 weeks ago

dasunsrule32 commented 4 weeks ago

Question

Is there a way to differentiate admins and users when using OIDC? Is it possible to assign a configuration of type: admin to an OIDC user or group? Not sure if that is implemented or not. Thank you.

@twsouthwick

Category

Authentication

dasunsrule32 commented 4 weeks ago

Is there a way to get DEBUG logs to dump to the container logs? I'm trying to dump exactly what is being consumed by Dashy when an OIDC account logs in. Maybe I can try assigning a type to what Dashy sees the email, username, etc. as a type: admin. Might work.

CrazyWolf13 commented 4 weeks ago

For me it always worked to intercept the URL from the auth server right before logging into dashy; then you can decode it with, I think, https://jwt.io/ and you will see which data gets provided to dashy.

Edit: this is not working for me for dashy, possibly due to the public client in the oidc specs, sorry.

dasunsrule32 commented 4 weeks ago

I looked at the code and the default scope is: openid profile email roles groups. So the data is definitely there as long as it isn't overwritten by a custom scope in the conf.yml.

https://github.com/Lissy93/dashy/blob/master/src/utils/OidcAuth.js#L23

With the way I configured it in the docs, the following is a sample of data being sent to Dashy from authentik:

```json
{
    "iss": "https://auth.domain.com/application/o/dashy/",
    "sub": "*********************",
    "aud": "************************",
    "exp": **********,
    "iat": *************,
    "auth_time": *****************,
    "acr": "goauthentik.io/providers/oauth2/default",
    "amr": [
        "user",
        "mfa"
    ],
    "email": "test@domain.com",
    "email_verified": true,
    "name": "Test User",
    "given_name": "Test User",
    "preferred_username": "test",
    "nickname": "test",
    "groups": [
        "authentik Admins",
        "Cloudflare Users",
        "pgAdmin Admins",
        "KASM Admins",
        "TrueNAS SCALE Admins",
        "Mealie Admins",
        "Mealie Users",
        "Dashy Admins"
    ]
}
```
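As an added illustration (not Dashy's code, and not a statement that Dashy supports this), here is how an application could derive an admin/user type from the `groups` claim shown in the authentik payload above, after checking the token's issuer, audience and expiry. The claim values, the `placeholder-*` strings and the `"Dashy Admins"` to `admin` mapping are assumptions constructed for the example.

```javascript
// Added example, not part of Dashy: map an OIDC ID-token "groups" claim to a user type.
// Constructed sample payload mirroring the authentik claims in the thread (placeholder values).
const SAMPLE_CLAIMS = {
  iss: 'https://auth.domain.com/application/o/dashy/',
  sub: 'placeholder-sub',
  aud: 'placeholder-client-id',
  exp: 4102444800, // far-future placeholder, seconds since epoch
  email: 'test@domain.com',
  preferred_username: 'test',
  groups: ['authentik Admins', 'Mealie Users', 'Dashy Admins'],
};

// Decode the payload segment of a compact JWT (header.payload.signature) WITHOUT verifying
// the signature. Good for inspecting what the IdP sends (the thread's question); any
// authorization decision must only follow signature verification plus the checks below.
function decodeJwtPayload(token) {
  const parts = token.split('.');
  if (parts.length !== 3) throw new Error('not a compact JWT');
  const b64 = parts[1].replace(/-/g, '+').replace(/_/g, '/'); // base64url -> base64
  return JSON.parse(Buffer.from(b64, 'base64').toString('utf8'));
}

// Sanity checks before trusting claims: expected issuer, our client id in aud, not expired.
function claimsLookSane(claims, { issuer, clientId, now = Math.floor(Date.now() / 1000) }) {
  const aud = Array.isArray(claims.aud) ? claims.aud : [claims.aud];
  return claims.iss === issuer && aud.includes(clientId)
    && typeof claims.exp === 'number' && claims.exp > now;
}

// Map groups to a type: 'admin' if any configured admin group is present, else 'user'.
// The group name is an assumption; a missing or malformed groups claim yields 'user'.
function userTypeFromClaims(claims, adminGroups = ['Dashy Admins']) {
  const groups = Array.isArray(claims.groups) ? claims.groups : [];
  return groups.some((g) => adminGroups.includes(g)) ? 'admin' : 'user';
}

// Build a sample token from the constructed claims so the decoder can be exercised offline.
// The signature segment is a dummy string; nothing here signs or verifies anything.
function buildSampleToken(claims) {
  const enc = (o) => Buffer.from(JSON.stringify(o)).toString('base64url');
  return `${enc({ alg: 'RS256', typ: 'JWT' })}.${enc(claims)}.placeholder-signature`;
}
```

Decoding alone tells you what the IdP provides, which is what the thread is after; granting `admin` from a group name is only safe once the token has been verified against the provider's keys.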