vabene1111
commented
1 week ago I understand what you mean, likely something that can be done. Given that I do not use any social auth providers anyone is welcome to implement, test and PR this feature.
Open livingsilver94 opened 1 week ago
vabene1111
commented
1 week ago I understand what you mean, likely something that can be done. Given that I do not use any social auth providers anyone is welcome to implement, test and PR this feature.
Is your feature request related to a problem? Please describe.
I'm the administrator of my homelab. My OIDC provider, Authelia, can advertise the groups I belong to when I login. It seems that Tandoor doesn't consider this feature and just assigns me to the
SOCIAL_DEFAULT_GROUP.Describe the solution you'd like
Tandoor should ask for groups when a user is logging in via openid_connect and assign the user accordingly. For example, if Authelia advertises I'm a member of
admin, then I'm allowed to join theadmingroup in Tandoor too.Describe alternatives you've considered
The solution I proposed assumes hardcoded groups (guest, user, admin). The ideal solution is to create a mapping between OIDC groups and Tandoor groups. See Mealie as an example.
Additional context
Authelia is using LDAP as a backend. Groups are coming from there, but that doesn't matter since OIDC abstracts that away.