jaredhanson / passport-openidconnect

OpenID Connect authentication strategy for Passport and Node.js.
https://www.passportjs.org/packages/passport-openidconnect/?utm_source=github&utm_medium=referral&utm_campaign=passport-openidconnect&utm_content=about
MIT License
188 stars 173 forks

Feature: Support groups #101

Open mstrhakr opened 1 year ago

mstrhakr commented 1 year ago

This small addition allows for groups to be passed back as part of the profile.

This is tested and working with a combination of Meshcentral and Authelia.

closes #100

kyler-rosquist-d commented 1 year ago

Hi @jaredhanson, do you plan to merge this anytime soon? Really hoping we can get this through; otherwise, I'll have to find another approach. (cc: @mstrhakr )

krishnadubagunta commented 1 year ago

:+1: this is useful for us too. @jaredhanson (CC: @mstrhakr)

kyler-rosquist-d commented 1 year ago

openid-client supports scopes and worked well for me. @krishnadubagunta

jaredhanson commented 1 year ago

As a rule, I don't merge pull requests that lack corresponding tests. I'll merge this if tests are added, otherwise it'll have to wait until I have time to write the tests.

I'd also like to see examples of how Meshcentral, Authelia, and other IDPs are encoding the group claim. Just as Passport normalizes the user profile, the group claim should be normalized to a well-defined structure as well. The group claim defined by the JWT Profile for Access Tokens (RFC 9068) would make a good option for normalization.
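One way to do the normalization requested above, as an added example (not code from this pull request or from passport-openidconnect). `normalizeGroups`, the output shape and the sample claims are hypothetical; the input shapes (array of strings, single string, SCIM-style objects) are assumptions, since the thread does not show what any IdP actually sends.

```javascript
// Normalize a raw "groups" claim into [{ value, display? }], following the
// SCIM "groups" attribute (RFC 7643, section 4.1.2) that RFC 9068 refers to.
// Absent claim -> []. Anything that cannot be mapped throws, so a malformed
// claim never turns into a group membership.
function normalizeGroups(claim) {
  if (claim === undefined || claim === null) return [];
  // A lone string is ONE group; it is deliberately not split on "," or " ",
  // because a delimiter inside a group name must not create extra groups.
  const items = Array.isArray(claim) ? claim : [claim];
  const seen = new Set();
  const out = [];
  for (const item of items) {
    let entry;
    if (typeof item === 'string') {
      entry = { value: item };
    } else if (item && typeof item === 'object' && typeof item.value === 'string') {
      // Copy only known fields; do not pass IdP-supplied keys through.
      entry = { value: item.value };
      if (typeof item.display === 'string') entry.display = item.display;
    } else {
      throw new TypeError('unsupported entry in groups claim');
    }
    if (entry.value.trim() === '') throw new TypeError('empty group value');
    // Exact, case-sensitive match: "Admins" and "admins" stay distinct.
    if (!seen.has(entry.value)) {
      seen.add(entry.value);
      out.push(entry);
    }
  }
  return out;
}

// Constructed sample claims (not captured from any real IdP).
const SAMPLES = {
  names: ['admins', 'dev', 'admins'],
  single: 'admins,dev',
  scim: [{ value: 'g-1', display: 'Admins', type: 'direct' }],
};

for (const [label, claim] of Object.entries(SAMPLES)) {
  console.log(label, JSON.stringify(normalizeGroups(claim)));
}
```

Authorization checks should then compare against `value` only, since `display` is a label that can change without the group changing.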

mstrhakr commented 1 year ago

> As a rule, I don't merge pull requests that lack corresponding tests. I'll merge this if tests are added, otherwise it'll have to wait until I have time to write the tests.
>
> I'd also like to see examples of how Meshcentral, Authelia, and other IDPs are encoding the group claim. Just as Passport normalizes the user profile, the group claim should be normalized to a well-defined structure as well. The group claim defined by the JWT Profile for Access Tokens (RFC 9068) would make a good option for normalization.

I'm not a real programmer but can take a crack at these tests, assuming I can base them on the current tests. I don't have nearly the free time I used to but it can't be that hard to write the tests (famous last words haha).

I'll check out the documentation you provided for cleaning up the data. I don't actually remember how it gets pulled in, so I'll need some time to figure it all out again.

Happy to get the requirements though so thanks for the response!

GegudeBR commented 1 month ago

This change made groups claims work using Entra ID's OAuth2 on Wiki.js (using passport). It would be nice to have it implemented so we don't need to manually change the files.

UltimatumGamer commented 1 day ago

+1