hashicorp / boundary

Boundary enables identity-based access management for dynamic infrastructure.
https://boundaryproject.io

Support Google Workspace groups retrieval when using Google as OIDC #4706

Open achetronic opened 5 months ago

achetronic commented 5 months ago

Is your feature request related to a problem? Please describe. I'm always frustrated when using the Google OAuth2 client as OIDC because groups are not included in the JWT.

Describe the solution you'd like The exact same thing as you use in HashiCorp Vault. Basically, use a Google Service Account to access the Admin Console API (GSuite, Google Workspace) and retrieve the groups for a user, to bind them to Boundary roles internally.

Describe alternatives you've considered Craft a complete proxy that intercepts the JWTs, injects some custom claims, and then re-signs the token. But I'm not sure if this is completely possible.

Explain any additional use-cases n/a

Additional context Most companies out there use groups as a separator in Google Workspace for employees when using Google as their cloud provider... I completely agree this is Google's fault, but please, could you support the same thing that you support in Vault? 🙏🏼
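As an added illustration of the approach requested above (example code written for this page, not code from the issue, Boundary or Vault), the following Go program does the group lookup the request describes: it pages through the Admin SDK Directory API `groups.list` endpoint (`GET /admin/directory/v1/groups?userKey=<email>`, following `nextPageToken`) for one user and maps the returned group addresses to role names. Everything not on the page is an assumption: the `DirectoryClient`, `UserGroups`, `MapRoles` and `NewFakeDirectory` names, the group-to-role table and its role names, and that the caller supplies an `http.Client` already authenticated as a service account with domain-wide delegation impersonating a Workspace admin (scope `admin.directory.group.readonly`). The fake server and its two-page result are constructed so the program runs offline.

```go
package main

import (
	"context"
	"encoding/json"
	"fmt"
	"net/http"
	"net/http/httptest"
	"net/url"
	"sort"
	"strings"
)

// Subset of the Directory API groups.list response that the syncer needs.
type groupsPage struct {
	Groups        []struct{ Email string `json:"email"` } `json:"groups"`
	NextPageToken string                                  `json:"nextPageToken"`
}

// DirectoryClient lists the Workspace groups a user belongs to. HTTP is assumed
// to already carry Google credentials (service-account key, domain-wide
// delegation, scope admin.directory.group.readonly). BaseURL is overridable so
// the code can run against a fake; empty means the real endpoint.
type DirectoryClient struct {
	HTTP    *http.Client
	BaseURL string
}

// UserGroups follows nextPageToken until the API stops returning one and
// returns lower-cased group addresses. Any non-200 answer is an error, so a
// lookup failure fails closed instead of silently yielding "no groups".
func (c *DirectoryClient) UserGroups(ctx context.Context, userEmail string) ([]string, error) {
	base := c.BaseURL
	if base == "" {
		base = "https://admin.googleapis.com/admin/directory/v1"
	}
	var emails []string
	for pageToken := ""; ; {
		q := url.Values{"userKey": {userEmail}, "maxResults": {"200"}}
		if pageToken != "" {
			q.Set("pageToken", pageToken)
		}
		req, err := http.NewRequestWithContext(ctx, http.MethodGet, base+"/groups?"+q.Encode(), nil)
		if err != nil {
			return nil, err
		}
		resp, err := c.HTTP.Do(req)
		if err != nil {
			return nil, err
		}
		if resp.StatusCode != http.StatusOK {
			resp.Body.Close()
			return nil, fmt.Errorf("directory API returned HTTP %d for %s", resp.StatusCode, userEmail)
		}
		var page groupsPage
		err = json.NewDecoder(resp.Body).Decode(&page)
		resp.Body.Close()
		if err != nil {
			return nil, fmt.Errorf("decoding groups page: %w", err)
		}
		for _, g := range page.Groups {
			emails = append(emails, strings.ToLower(g.Email))
		}
		if page.NextPageToken == "" {
			return emails, nil
		}
		pageToken = page.NextPageToken
	}
}

// MapRoles turns group addresses into a sorted, de-duplicated role list using a
// hypothetical group->roles table; groups absent from the table grant nothing.
func MapRoles(groupEmails []string, table map[string][]string) []string {
	seen := map[string]bool{}
	for _, g := range groupEmails {
		for _, r := range table[strings.ToLower(g)] {
			seen[r] = true
		}
	}
	roles := make([]string, 0, len(seen))
	for r := range seen {
		roles = append(roles, r)
	}
	sort.Strings(roles)
	return roles
}

// NewFakeDirectory serves a constructed two-page result for alice@example.com
// (and 404 for anyone else) so the example runs without Google credentials.
func NewFakeDirectory() *httptest.Server {
	return httptest.NewServer(http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
		if r.URL.Path != "/groups" || r.URL.Query().Get("userKey") != "alice@example.com" {
			http.Error(w, "unknown user or path", http.StatusNotFound)
			return
		}
		switch r.URL.Query().Get("pageToken") {
		case "":
			fmt.Fprint(w, `{"groups":[{"email":"Platform@example.com"}],"nextPageToken":"p2"}`)
		case "p2":
			fmt.Fprint(w, `{"groups":[{"email":"sre@example.com"}]}`)
		default:
			http.Error(w, "bad page token", http.StatusBadRequest)
		}
	}))
}

func main() {
	srv := NewFakeDirectory()
	defer srv.Close()
	c := &DirectoryClient{HTTP: srv.Client(), BaseURL: srv.URL}
	groups, err := c.UserGroups(context.Background(), "alice@example.com")
	if err != nil {
		panic(err)
	}
	table := map[string][]string{"platform@example.com": {"platform-admin"}, "sre@example.com": {"platform-admin", "prod-ssh"}}
	fmt.Println(groups, MapRoles(groups, table))
}
```

Two points a practitioner would want to keep in mind with this pattern: the delegated service-account key can read every group in the tenant, so restrict it to the read-only group scope and treat the key like any other production secret; and group addresses are compared case-insensitively because Google returns them with whatever capitalisation the admin typed, while the role table is keyed in lower case.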

achetronic commented 5 months ago

For those looking for this feature, we have created a little syncer for this:

https://github.com/freepik-company/bgos

rfc2119 commented 4 months ago

I second this. We eventually resorted to using Dex to get the groups.