Closed jackHay22 closed 1 year ago
Here is my current understanding of how we should organize Google Workspace OIDC group mapping.

Process

- "groups" is provided as a scope to the Google Goth provider, recursively search for groups the user belongs to
- goth.User.RawData
- The following code was added to Gitea by https://github.com/go-gitea/gitea/pull/21441:

```go
// Look up the configured group claim in the provider's raw user data;
// a missing claim yields nil.
func getClaimedGroups(source *oauth2.Source, gothUser *goth.User) container.Set[string] {
	groupClaims, has := gothUser.RawData[source.GroupClaimName]
	if !has {
		return nil
	}

	return claimValueToStringSet(groupClaims)
}
```

TODO

- source.GroupClaimName come from on the Goth side?
- group.Email or group.Name? (Reference)
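
The flow the issue outlines (resolve nested group membership, store the result under the claim name in the raw user data, read it back by claim name), as an added example that is not part of the issue and is not Gitea or Goth code. Assumptions: the membership map is constructed sample data, groups are keyed by email, and `transitiveGroups` and `claimedGroups` are hypothetical helper names.

```go
package main

import (
	"fmt"
	"sort"
)

// directGroups is constructed sample data: member email -> groups it directly belongs to.
var directGroups = map[string][]string{
	"alice@example.com":   {"backend@example.com"},
	"backend@example.com": {"eng@example.com"},
	"eng@example.com":     {"all@example.com", "backend@example.com"}, // nesting cycle
}

// transitiveGroups returns every group reachable from member; seen stops cycles.
func transitiveGroups(member string, lookup map[string][]string) []string {
	seen := map[string]bool{}
	var out []string
	var walk func(string)
	walk = func(m string) {
		for _, g := range lookup[m] {
			if !seen[g] {
				seen[g] = true
				out = append(out, g)
				walk(g)
			}
		}
	}
	walk(member)
	sort.Strings(out)
	return out
}

// claimedGroups reads the claim by its configured name; absent or mistyped means nil.
func claimedGroups(raw map[string]any, claimName string) map[string]bool {
	groups, ok := raw[claimName].([]string)
	if !ok {
		return nil
	}
	set := make(map[string]bool, len(groups))
	for _, g := range groups {
		set[g] = true
	}
	return set
}

func main() {
	raw := map[string]any{"groups": transitiveGroups("alice@example.com", directGroups)}
	fmt.Println(claimedGroups(raw, "groups"))
}
```

Because the resolved set feeds authorization decisions, a claim that is missing or has an unexpected type returns nil here and grants no memberships.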