search

goauthentik / authentik

The authentication glue you need.
https://goauthentik.io
Other
13.47k stars 900 forks source link

Gitea: how is the correct config to use adminGroup #3640

Open genofire opened 2 years ago

genofire commented 2 years ago

The following settings does not work in gitea helmchart 

gitea:
    oauth:
        - name: "authentik"
          provider: "openidConnect"
          key: "CLIENT_ID_FROM_AUTHENTIK" #Step 1
          secret: "CLIENT_SECRET_FROM_AUTHENTIK" #Step 1
          autoDiscoveryUrl: "https://authentik.company/application/o/gitea-slug/.well-known/openid-configuration"
          iconUrl: "https://goauthentik.io/img/icon.png"
          scopes: "email profile"
+         adminGroup: "Admin"
BeryJu commented 2 years ago

cc @bpanesar who contributed the helm config

bpanesar commented 2 years ago

I've never tried configuring the adminGroup as it's optional.

My first guess as to what's missing is that right now scopes only contains email profile and it would need to contain email profile groups.

I can try and test adminGroup setup and get back to you.

BeryJu commented 2 years ago

the default profile claim includes the groups attribute