OAuth Provider - Add Org/Team membership to userinfo endpoint #16818

Closed
@bminer

  • Gitea version (or commit ref): 1.15.0
  • Git version: N/A
  • Operating system: Linux
  • Database (use [x]): N/A
    • PostgreSQL
    • MySQL
    • MSSQL
    • SQLite

Description

When Gitea is acting as an OAuth provider, it would be nice if the /login/oauth/userinfo endpoint would return the orgs/teams to which a user is assigned if the "profile" scope is set. This would allow the client to parse this information and could possibly map it to a user group.

One implementation might add a new claim for each org, using the org name as the key for the claim. The claim would be an array of team names to which the user belonged for that org.

Another implementation would be to add a "teams" claim containing an array of [org_name]:[team_name] strings (where the org name and team name are concatenated together, separated by a colon or dash).

Thoughts on this? I am willing to submit a PR.
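
A sketch of how an OAuth client could consume either proposed layout (added example, not Gitea's code and not part of the issue; the claim shapes follow the issue text, while the function names, the reserved-claim set and the sample values are assumptions). It also covers two cases a client has to handle: an org key that shadows a standard claim, and a separator that also appears inside a name.

```python
# Added example: a relying party normalising the two claim layouts proposed
# in the issue. Every name and value below is constructed for illustration.

# Standard claim names that a per-org claim key must never shadow.
RESERVED = {"sub", "name", "preferred_username", "email", "picture",
            "profile", "groups", "teams"}

# Constructed userinfo responses, one per proposed layout.
SAMPLE_PER_ORG = {"sub": "42", "email": "dev@example.com",
                  "acme": ["owners", "dev"]}
SAMPLE_TEAMS = {"sub": "42", "teams": ["acme:owners", "acme:dev"]}


def from_per_org_claims(userinfo, known_orgs):
    """Layout 1: one claim per org, value is a list of team names.
    Only orgs on the client's own allow-list are read."""
    pairs = set()
    for org in known_orgs:
        if org in RESERVED:
            raise ValueError(f"org {org!r} collides with a standard claim")
        teams = userinfo.get(org, [])
        if not (isinstance(teams, list)
                and all(isinstance(t, str) for t in teams)):
            raise ValueError(f"claim {org!r} is not a list of team names")
        pairs.update((org, team) for team in teams)
    return pairs


def from_teams_claim(userinfo, sep=":"):
    """Layout 2: a "teams" claim of "<org><sep><team>" strings.
    Entries where the separator does not occur exactly once are rejected,
    because the org/team boundary cannot be recovered reliably."""
    pairs = set()
    for entry in userinfo.get("teams", []):
        if not isinstance(entry, str) or entry.count(sep) != 1:
            raise ValueError(f"ambiguous teams entry: {entry!r}")
        org, team = entry.split(sep)
        if not org or not team:
            raise ValueError(f"empty org or team in {entry!r}")
        pairs.add((org, team))
    return pairs


def to_groups(pairs, mapping):
    """Map (org, team) pairs to local groups; unmapped pairs grant nothing."""
    return {mapping[pair] for pair in pairs if pair in mapping}
```

Both layouts normalise to the same set of (org, team) pairs, so the group mapping does not depend on which one a server emits.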

Labels: type/proposal (The new feature has not been accepted yet but needs to be discussed first.)
