[IMP] auth_oidc: Add _auth_oauth_signing to (un)link from groups

Thanks to 4204bd8

@hbrunn & @26hpredraglazarevic

auth_oidc/models/res_users.py

@@ -8,6 +8,7 @@
 
 from odoo import api, models
 from odoo.exceptions import AccessDenied
+from odoo.fields import Command
 from odoo.http import request
 
 _logger = logging.getLogger(__name__)
@@ -44,6 +45,38 @@ def _auth_oauth_get_tokens_auth_code_flow(self, oauth_provider, params):
  # https://openid.net/specs/openid-connect-core-1_0.html#TokenResponse
  return response_json.get("access_token"), response_json.get("id_token")
 
+ @api.model
+ def _auth_oauth_signin(self, provider, validation, params):
+ """retrieve and sign in the user corresponding to provider and validated access token
+ :param provider: oauth provider id (int)
+ :param validation: result of validation of access token (dict)
+ :param params: oauth parameters (dict)
+ :return: user login (str)
+ :raise: AccessDenied if signin failed
+ """
+ login = super()._auth_oauth_signin(provider, validation, params)
+ user = self.search([("login", "=", login)])
+ oauth_provider = self.env["auth.oauth.provider"].browse(provider)
+ # Assume the groups are exclusively managed via OAuth 'groups'
+ if user and oauth_provider.groups_field in validation:
+ group_updates = []
+ for group_line in oauth_provider.group_line_ids:
+ if group_line.oauth_group_name in validation.get(
+ oauth_provider.groups_field
+ ):
+ _logger.debug(
+ f"Add user {user.id} to the group {group_line.group_id.id}"
+ )
+ group_updates.append((Command.LINK, group_line.group_id.id))
+ else:
+ _logger.debug(
+ f"Remove user {user.id} from the group {group_line.group_id.id}"
+ )
+ group_updates.append((Command.UNLINK, group_line.group_id.id))
+ if group_updates:
+ user.write({"groups_id": group_updates})
+ return login
+
  @api.model
  def auth_oauth(self, provider, params):
  oauth_provider = self.env["auth.oauth.provider"].browse(provider)