tchiotludo / akhq

Kafka GUI for Apache Kafka to manage topics, topics data, consumers group, schema registry, connect and more...
https://akhq.io/
Apache License 2.0
3.39k stars 655 forks

GitHub OAuth2. How to provide access to teams. #1872

Closed VShamray1979 closed 2 months ago

VShamray1979 commented 2 months ago

I have a config that provides user access that is well described here. https://akhq.io/docs/configuration/authentifications/github.html Can team-based access be provided to the GitHub team?

AlexisSouquiere commented 2 months ago

I'm not sure I understand what you mean by team-based access, but I can at least explain the current behaviour to you. AKHQ makes a call to https://api.github.com/user to get the user details and retrieve the username (login field in the response), and maps the username to the groups defined in the AKHQ configuration.

From what I'm seeing in the codebase, GitHub SSO/OAuth2 can also take a groups mapping, as for OIDC. It will help you to map a field from the GitHub user endpoint to the AKHQ groups. See here for the details of the /user response and the available fields.

So you can set up groups mapping like this:

```yaml
akhq:
  security:
    default-group: no-roles
    oauth2:
      enabled: true
      providers:
        github:
          label: "Login with GitHub"
          username-field: login
          groups-field: roles
          users:
            - username: franz
              groups:
                - topic-reader
                - topic-writer
          groups:
            - name: mathematicians
              groups:
                - topic-reader-pub
            - name: scientists
              groups:
                - topic-writer-clusterA-projectA
                - acl-reader-clusterA
```

The only thing is that I don't see anything related to team membership in the /user response.
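Added example, not part of the thread and not AKHQ's code: a simplified Python model of the username and `groups-field` mapping described above, run against constructed `/user` responses to show what a user without a `users` entry ends up with. The helper `resolve_groups`, the sample responses and the rule that username matches and `groups-field` matches are combined are assumptions made for illustration.

```python
# Simplified model of the mapping discussed in this thread.
# Not AKHQ code: resolve_groups and the merge rule are assumptions.

PROVIDER = {  # mirrors the github provider block in the YAML above
    "username-field": "login",
    "groups-field": "roles",
    "users": [
        {"username": "franz", "groups": ["topic-reader", "topic-writer"]},
    ],
    "groups": [
        {"name": "mathematicians", "groups": ["topic-reader-pub"]},
        {"name": "scientists",
         "groups": ["topic-writer-clusterA-projectA", "acl-reader-clusterA"]},
    ],
}

# Constructed /user responses (trimmed). No field carries team membership.
FRANZ = {"login": "franz", "id": 1, "type": "User", "company": None}
EMMY = {"login": "emmy", "id": 2, "type": "User", "company": None}
# Hypothetical response that does carry the configured groups-field,
# as an OIDC claim would. The constructed /user data above has no such field.
EMMY_WITH_CLAIM = {**EMMY, "roles": ["mathematicians"]}


def resolve_groups(provider, user_response):
    """Return the AKHQ groups explicitly mapped for one user response."""
    matched = set()
    # 1. Per-user mapping: username-field value against the users list.
    username = user_response.get(provider["username-field"])
    for user in provider.get("users", []):
        if user["username"] == username:
            matched.update(user["groups"])
    # 2. Group mapping: groups-field value(s) against the groups list.
    claim = user_response.get(provider["groups-field"]) or []
    if isinstance(claim, str):
        claim = [claim]
    for mapping in provider.get("groups", []):
        if mapping["name"] in claim:
            matched.update(mapping["groups"])
    # An empty result means nothing beyond default-group ("no-roles") applies.
    return sorted(matched)


if __name__ == "__main__":
    for sample in (FRANZ, EMMY, EMMY_WITH_CLAIM):
        print(sample["login"], resolve_groups(PROVIDER, sample))
```

When reviewing such a configuration, check which field of the provider's response `groups-field` names: if the response never contains it, every user not listed under `users` resolves to nothing beyond `default-group`.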