Open marvinruder opened 2 weeks ago
This is best combined with #489 (a configuration option disabling password login), so that users cannot circumvent missing access rights by setting a password and signing in with it.
Isn't the app free/open source?
@RahulMishra0722 Of course, meaning that—among other things—anyone is free to use its source code to run their own instance of it. But anyone running their own instance may want to restrict access to it, e.g. to only make it available to their family and friends and not to the general public (just like Linux is free software, but not anyone is free to log on to every Linux computer). This already works by disabling the “Allow registration” setting.
This issue aims to allow registration and authentication only for certain users on an instance configured that way: those who were given a specific access right by an external OAuth provider.
Thanks for that well-defined and intuitive explanation @marvinruder, I had the wrong idea about this.
@stonith404 Would you accept a PR implementing this feature? I can work on this, but only want to put in the effort if I know that this idea is not misaligned with the direction of this project.
@marvinruder Yeah, I think that's a good idea. Do you have a specific provider in mind or would you create an implementation for all supported providers?
🔖 Feature description
For an OAuth provider, one can configure a list of groups. The group memberships of a user are read during authentication. If groups are configured for the provider and a user attempts to authenticate without being a member of any configured group, authentication fails, disallowing an existing user to sign in using the OAuth provider and disallowing a new user to register at all.
Optionally, a group or list of groups can be configured, where a membership in one of them is required for users to have administrative rights. The administrative rights flag is automatically updated at every OAuth login based on the current group membership status.
🎤 Pitch
I have many users configured in my OAuth provider but would like to allow access to Pingvin Share to only a subset of them.
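The group check from the feature description above, as an added example that is not part of the issue or of Pingvin Share's code. `GroupPolicy`, `decideAccess`, `normalizeGroups` and the group names are hypothetical, and the groups claim is assumed to come from an ID token whose signature has already been verified.

```typescript
// Added example with hypothetical names; not Pingvin Share's implementation.
interface GroupPolicy {
  allowedGroups: string[]; // empty = no group restriction configured
  adminGroups: string[];   // empty = admin flag is not managed via OAuth
}

interface AccessDecision {
  allowed: boolean;
  isAdmin?: boolean; // undefined = leave the stored admin flag untouched
  reason: string;
}

// Providers differ: the claim may be an array, a single string, or absent.
function normalizeGroups(claim: unknown): string[] {
  if (typeof claim === "string") return claim.length > 0 ? [claim] : [];
  if (!Array.isArray(claim)) return [];
  return claim.filter((g): g is string => typeof g === "string" && g.length > 0);
}

function decideAccess(policy: GroupPolicy, groupsClaim: unknown): AccessDecision {
  const groups = new Set(normalizeGroups(groupsClaim));
  const inAny = (list: string[]): boolean => list.some((g) => groups.has(g));

  // Fail closed: once groups are configured, a missing or malformed claim denies
  // both sign-in for existing users and registration for new ones.
  if (policy.allowedGroups.length > 0 && !inAny(policy.allowedGroups)) {
    return { allowed: false, reason: "not a member of any configured group" };
  }
  if (policy.adminGroups.length === 0) {
    return { allowed: true, reason: "allowed; admin flag unchanged" };
  }
  // Recomputed at every login, so removal from the admin group revokes admin.
  const isAdmin = inAny(policy.adminGroups);
  return { allowed: true, isAdmin, reason: isAdmin ? "allowed as admin" : "allowed as regular user" };
}

// Constructed sample policy and claims.
const policy: GroupPolicy = {
  allowedGroups: ["share-users", "share-admins"],
  adminGroups: ["share-admins"],
};
const samples: unknown[] = [["share-users"], ["share-admins", "staff"], ["staff"], "share-users", undefined];
for (const claim of samples) {
  console.log(JSON.stringify(claim), "->", decideAccess(policy, claim));
}
```

Group names are compared as exact strings here. Because the admin flag is only refreshed at OAuth login, password login (see #489) would bypass both checks.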