[Enhancement]: Allow specification of OIDC user role and permissions with attribute mappings #2523
Comments
I think I would implement it like this:

```jsonc
{
  "sub": "1234567890",
  "name": "John Doe",
  "email": "john.doe@example.com",
  "groups": ["user"], // Can include user, admin or guest, highest will be taken. Names configurable and scopename configurable
  "abspermissions": { // name of the scope configurable
    "canDownload": true,
    "canUpload": false,
    "canDelete": false,
    "canAccessExplicitContent": true,
    "canAccessAllLibraries": false,
    "allowedLibraries": ["Library1", "Library2"],
    "allowedTags": ["Tag1", "Tag2"],
    "canAccessAllTags": false
  }
}
```

While making the name of the claim So in the end basically we would have 5 new options in the Admin-Page to configure. All being optional. What do you think? |
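The claim layout proposed above, as an added example that is not part of the thread and not Audiobookshelf's own code: a server-side mapper that picks the highest role from the group claim and builds permissions from an allow-list of known keys. The function names, the `groupClaim`/`permissionsClaim` settings, the admin > user > guest ordering, rejecting tokens with no recognised group, and leaving local permissions alone when the permissions claim is absent are all assumptions.

```javascript
// Added example, not Audiobookshelf code. Role order admin > user > guest is assumed.
const ROLE_RANK = new Map([['guest', 0], ['user', 1], ['admin', 2]]);
const BOOLEAN_PERMS = ['canDownload', 'canUpload', 'canDelete',
  'canAccessExplicitContent', 'canAccessAllLibraries', 'canAccessAllTags'];
const LIST_PERMS = ['allowedLibraries', 'allowedTags'];
// Hypothetical settings object: the two claim names are the configurable part.
const DEFAULT_CONFIG = { groupClaim: 'groups', permissionsClaim: 'abspermissions' };

// Return the highest recognised role in the group claim, or null if there is none.
function highestRole(claims, config = DEFAULT_CONFIG) {
  const groups = claims[config.groupClaim];
  if (!Array.isArray(groups)) return null;
  let best = null;
  for (const g of groups) {
    // Map lookup: a group named "constructor" or "toString" can never match a role.
    if (typeof g !== 'string' || !ROLE_RANK.has(g)) continue;
    if (best === null || ROLE_RANK.get(g) > ROLE_RANK.get(best)) best = g;
  }
  return best;
}

// Build a permissions object from the claim using an allow-list of known keys.
// Returns null when the claim is absent (assumption: local permissions stay as they are).
function mapPermissions(claims, config = DEFAULT_CONFIG) {
  const raw = claims[config.permissionsClaim];
  if (raw === undefined) return null;
  const src = raw !== null && typeof raw === 'object' && !Array.isArray(raw) ? raw : {};
  const perms = {};
  // Only a literal boolean true grants; "true", 1, and missing keys all deny.
  for (const key of BOOLEAN_PERMS) perms[key] = src[key] === true;
  for (const key of LIST_PERMS) {
    perms[key] = Array.isArray(src[key]) ? src[key].filter((v) => typeof v === 'string') : [];
  }
  return perms;
}

// Assumption: a token with no recognised group is rejected rather than given a default role.
function mapClaims(claims, config = DEFAULT_CONFIG) {
  const role = highestRole(claims, config);
  return role === null ? null : { role, permissions: mapPermissions(claims, config) };
}

// Constructed sample claims (not from a real IdP).
const SAMPLE_CLAIMS = {
  sub: '1234567890',
  groups: ['guest', 'toString', 'user'],
  abspermissions: { canDownload: true, canUpload: 'true', isRoot: true, allowedLibraries: ['Library1', 42] }
};
console.log(JSON.stringify(mapClaims(SAMPLE_CLAIMS), null, 2));
```

The claims must come from an ID token or userinfo response whose signature, issuer and audience have already been verified; this mapper only decides what a trusted IdP's values are allowed to grant.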
@Sapd This sounds like a great approach. I don't think it's necessary to make the names of the "user", "admin" and "guest" groups customisable, since we can just map our own group names to these at the IdP. Simpler to keep these aligned with what are used at present. I do like the suggestion of making the two scope names configurable, however. Very happy to help with testing once a PR has been submitted. Thanks! |
Implemented in PR #2769 |
Added in v2.9.0 |
Describe the feature/enhancement
I have managed to configure OIDC authentication for ABS, which is working brilliantly, but if I want to make someone an admin or give them additional permissions, this still has to be done via ABS' admin page.
It would be much better if we could manage roles and permissions via the OIDC provider, so can you add support for claims and attribute mappings to add this functionality please?