Open xathon opened 9 months ago
For LDAP you have this possibility:
🤦 I missed that this was possible. I am using it with OAuth, where it's not possible, and I totally missed that this is already supported with LDAP, apologies.
No problem :) - if you have time to implement this for OAuth you could create a pull request ;)
Based on my understanding, the ID Token in the OAuth2/OIDC protocol does not inherently include group or role claims. As a workaround, I suggest implementing group filtering directly within the OAuth2/OIDC provider, such as through client roles in Keycloak. This approach allows for more streamlined and effective role management within the authentication process.
It would be great to have the possibility to restrict logins to a specific group listed in the /userinfo endpoint on OpenID/OAuth.
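The group restriction requested above, sketched as an added example that is not part of this thread or the project's code: a fail-closed check of the groups in a `/userinfo` response against an allow-list. The function names, the claim paths (`groups`, `realm_access.roles`) and the sample responses are assumptions constructed for illustration; which claim actually carries groups depends on how the provider's mappers are configured.

```python
from typing import Any, Iterable


def extract_groups(userinfo: dict[str, Any], claim_path: str) -> set[str]:
    """Follow a dotted claim path (e.g. "realm_access.roles") into the
    userinfo document and return the group names found there."""
    node: Any = userinfo
    for key in claim_path.split("."):
        if not isinstance(node, dict) or key not in node:
            return set()  # claim absent: no groups, so the caller denies
        node = node[key]
    if isinstance(node, str):  # some providers send a single string
        return {node}
    if isinstance(node, list):  # ignore non-string entries instead of coercing
        return {g for g in node if isinstance(g, str)}
    return set()  # unexpected type (number, object, null): treat as no groups


def login_allowed(userinfo: dict[str, Any], claim_path: str,
                  allowed_groups: Iterable[str]) -> bool:
    """Allow the login only if the user is in at least one allowed group.

    `userinfo` must be the JSON the server itself fetched from the provider's
    /userinfo endpoint with the user's access token, never client-supplied data.
    Matching is exact and case-sensitive. In this sketch an empty allow-list
    denies everyone rather than silently allowing all users.
    """
    allowed = set(allowed_groups)
    if not allowed:
        return False
    return bool(extract_groups(userinfo, claim_path) & allowed)


# Constructed sample /userinfo responses (not taken from a real provider).
SAMPLE_FLAT = {"sub": "u-1", "email": "a@example.org", "groups": ["staff", "dev"]}
SAMPLE_NESTED = {"sub": "u-2", "realm_access": {"roles": ["app-user"]}}
SAMPLE_NO_CLAIM = {"sub": "u-3", "email": "c@example.org"}

if __name__ == "__main__":
    for sample, path in ((SAMPLE_FLAT, "groups"),
                         (SAMPLE_NESTED, "realm_access.roles"),
                         (SAMPLE_NO_CLAIM, "groups")):
        print(sample["sub"], login_allowed(sample, path, ["staff", "app-user"]))
```

A user whose response lacks the configured claim is rejected, so a provider-side mapper change shows up as failed logins rather than as an open door.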