vouch / vouch-proxy

an SSO and OAuth / OIDC login solution for Nginx using the auth_request module
MIT License

Support general team whitelists in the oauth provider #534

Open ebardsley opened 1 year ago

ebardsley commented 1 year ago

I've been using this for a while, and figured it was probably worth an upstream commit. Let me know if you'd like it done differently or are not interested in this.

This supports user_team_url in oauth providers, similar to how github supports it.

This was built to work for Discord and their https://discordapp.com/api/users/@me/guilds endpoint, but should work for anything that returns a list of {"id": "someid"} maps.

For example, I've been using this for a while with:

oauth:
  provider: oidc
  auth_url: https://discordapp.com/api/oauth2/authorize?prompt=none
  token_url: https://discordapp.com/api/oauth2/token
  user_info_url: https://discordapp.com/api/users/@me
  user_team_url: https://discordapp.com/api/users/@me/guilds
  scopes:
  - identify
  - email
  - guilds

and VOUCH_TEAMWHITELIST=<numeric id of my guild> and it works quite nicely.

(The go upgrade was necessary since some dependencies no longer work under 1.18.)
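The check described in the PR comment above (fetch user_team_url, read the "id" of each returned object, allow the login if any of them appears in VOUCH_TEAMWHITELIST) as a stand-alone Go example. This is added illustration, not vouch-proxy's code or the PR's diff: the function names, the assumption that VOUCH_TEAMWHITELIST is a comma-separated list, and the sample guild response are all made up for this example.

```go
package main

import (
	"encoding/json"
	"fmt"
	"strings"
)

// teamMember is the minimal shape of each entry returned by a
// user_team_url endpoint: an object carrying an "id" field. Other
// fields (name, icon, permissions, ...) are decoded and ignored.
type teamMember struct {
	ID string `json:"id"`
}

// parseTeamIDs decodes a JSON array of {"id": "..."} objects into the
// list of IDs it contains. It rejects a body that is not an array of
// objects, and rejects entries with an empty or missing id, so that an
// empty string can never be made to match a whitelist entry.
func parseTeamIDs(body []byte) ([]string, error) {
	var members []teamMember
	if err := json.Unmarshal(body, &members); err != nil {
		return nil, fmt.Errorf("user_team_url response is not a JSON array of objects: %w", err)
	}
	ids := make([]string, 0, len(members))
	for i, m := range members {
		if m.ID == "" {
			return nil, fmt.Errorf("entry %d has no id", i)
		}
		ids = append(ids, m.ID)
	}
	return ids, nil
}

// parseWhitelist splits a comma-separated whitelist (assumed here to be
// the format of VOUCH_TEAMWHITELIST) into trimmed, non-empty entries.
func parseWhitelist(raw string) []string {
	var out []string
	for _, s := range strings.Split(raw, ",") {
		if s = strings.TrimSpace(s); s != "" {
			out = append(out, s)
		}
	}
	return out
}

// inTeamWhitelist reports whether any of the user's team IDs exactly
// matches a whitelisted ID. Matching is on the opaque ID and never on a
// human-readable name: team/guild names are chosen by whoever created
// the team and are not unique, so a name match would let anyone create
// a team with the right name and walk in.
func inTeamWhitelist(userTeams, whitelist []string) bool {
	allowed := make(map[string]struct{}, len(whitelist))
	for _, w := range whitelist {
		allowed[w] = struct{}{}
	}
	for _, t := range userTeams {
		if _, ok := allowed[t]; ok {
			return true
		}
	}
	return false
}

// sampleGuilds is a constructed response in the shape of Discord's
// /users/@me/guilds endpoint; the IDs and names are made up.
const sampleGuilds = `[
  {"id": "111111111111111111", "name": "ops", "owner": false},
  {"id": "222222222222222222", "name": "friends", "owner": true}
]`

func main() {
	ids, err := parseTeamIDs([]byte(sampleGuilds))
	if err != nil {
		panic(err)
	}
	wl := parseWhitelist("222222222222222222")
	fmt.Println(inTeamWhitelist(ids, wl)) // true
}
```

The whitelist is keyed on the numeric guild ID exactly as the comment does with VOUCH_TEAMWHITELIST; a malformed or empty team response fails closed rather than matching nothing silently, which is the behaviour you want in front of auth_request.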