Closed VShamray1979 closed 2 months ago
I'm not sure I understand what you mean by team-based access, but I can at least explain the current behaviour to you. AKHQ does a call on https://api.github.com/user to get the user details and retrieve the username (login field in the response) and map the username with the groups defined in the AKHQ configuration.
From what I'm seeing in the codebase, GitHub SSO/OAuth2 can also take a groups mapping like for OIDC. It will help you to map a field from the GitHub user endpoint to the AKHQ groups. See here for the details of the /user response and the available fields.
So you can set up groups mapping like this:
```yaml
akhq:
  security:
    default-group: no-roles
    oauth2:
      enabled: true
      providers:
        github:
          label: "Login with GitHub"
          username-field: login
          groups-field: roles
          users:
            - username: franz
              groups:
                - topic-reader
                - topic-writer
          groups:
            - name: mathematicians
              groups:
                - topic-reader-pub
            - name: scientists
              groups:
                - topic-writer-clusterA-projectA
                - acl-reader-clusterA
```
The only thing is that I don't see anything related to team membership in the /user response.
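An added illustration, not part of the reply above and not AKHQ source code: a simplified Python model of the lookup the reply describes, run against constructed `/user` responses. The function name `resolve_groups`, the merge order, and the fallback to `default-group` only when nothing matches are assumptions of this sketch; the `roles` key in the last two inputs is constructed to show when the `groups:` mapping would fire.

```python
# Simplified model of the username/groups lookup described in the reply.
# Config values mirror the YAML above; the resolution rules are assumptions.
PROVIDER = {
    "username-field": "login",
    "groups-field": "roles",
    "users": {"franz": ["topic-reader", "topic-writer"]},
    "groups": {
        "mathematicians": ["topic-reader-pub"],
        "scientists": ["topic-writer-clusterA-projectA", "acl-reader-clusterA"],
    },
}
DEFAULT_GROUP = "no-roles"


def resolve_groups(user_response, provider=PROVIDER, default_group=DEFAULT_GROUP):
    """Return the AKHQ groups a login would receive under this model."""
    # 1. Per-user entries are keyed on the configured username field.
    username = user_response.get(provider["username-field"])
    resolved = list(provider["users"].get(username, []))

    # 2. Values found in the configured groups field are translated through
    #    the provider's "groups" mapping. A missing field contributes nothing.
    claimed = user_response.get(provider["groups-field"]) or []
    if isinstance(claimed, str):
        claimed = [claimed]
    for name in claimed:
        for akhq_group in provider["groups"].get(name, []):
            if akhq_group not in resolved:
                resolved.append(akhq_group)

    # 3. Assumed fallback: a login that matched nothing gets the default group.
    return resolved or [default_group]


# Constructed responses. The first two have no "roles" key, matching the
# reply's observation that /user carries nothing about team membership.
listed_user = {"login": "franz", "id": 1, "type": "User"}
unlisted_user = {"login": "emmy", "id": 2, "type": "User"}
# Constructed inputs with a "roles" value, to show the mapping path.
with_roles = {"login": "emmy", "roles": ["mathematicians"]}
listed_with_role = {"login": "franz", "roles": "scientists"}

if __name__ == "__main__":
    for sample in (listed_user, unlisted_user, with_roles, listed_with_role):
        print(sample.get("login"), sample.get("roles"), "->", resolve_groups(sample))
```

In this model, a login whose response lacks the configured groups field gets access only through an explicit `users:` entry; everyone else lands in `no-roles`.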
I have a config that provides user access that is well described here. https://akhq.io/docs/configuration/authentifications/github.html Can team-based access be provided to the GitHub team?