Add groups scope/claim to OIDC/OAuth2 Provider (#17367)

* Add groups scope/claim to OICD/OAuth2 Add support for groups claim as part of the OIDC/OAuth2 flow. Groups is a list of "org" and "org:team" strings to allow clients to authorize based on the groups a user is part of. Signed-off-by: Nico Schieder <code@nico-schieder.de> Co-authored-by: zeripath <art27@cantab.net> Co-authored-by: wxiaoguang <wxiaoguang@gmail.com>
2025-07-03 09:07:19 +00:00 · 2021-10-22 11:19:24 +02:00
parent af96286f22
commit 870f5fbc41
3 changed files with 57 additions and 7 deletions
--- a/services/auth/source/oauth2/token.go
+++ b/services/auth/source/oauth2/token.go
@ -83,6 +83,9 @@ type OIDCToken struct {
 	// Scope email
 	Email         string `json:"email,omitempty"`
 	EmailVerified bool   `json:"email_verified,omitempty"`
+
+	// Groups are generated by organization and team names
+	Groups []string `json:"groups,omitempty"`
 }

 // SignToken signs an id_token with the (symmetric) client secret key