Closed rekt-hard closed 5 days ago
@rekt-hard suggested disabling the /oauth/<remote-app>/
endpoint if the hide
config for <remote-app>
evaluates to True
.
Otherwise, users can still use that OP to authenticate, even if it's hidden.
I'll merge this PR once that functionality is added.
For dynamic cases (e.g. only allow a given OP for linking but not registering), see the example configuration.
:heart: Thank you for your contribution!
Description
A
hide
attribute is accessed at some places within the existing code already. These changes will explicitly set this attribute and use it in other places in the code as well. This will allow to hide login with an external account, while at the same time, allow to link an external account in the profile view.Per default,
hide
will evaluate toFalse
in order to be compliant with the current logic.Example config:
Login only via local keycloak:
Linking of accounts with ORCID also possible:
Checklist
Ticks in all boxes and 🟢 on all GitHub actions status checks are required to merge:
Third-party code
If you've added third-party code (copy/pasted or new dependencies), please reach out to an architect.
Reminder
By using GitHub, you have already agreed to the GitHub’s Terms of Service including that: