nginx-sso

nginx-sso copied to clipboard

I'm using kanidm as my OIDC provider.

In the OIDC "subject" field (sub), kanidm uses a UUID for this field and uses the preferred_username for a fully qualified username (e.g. [email protected]).

I would like to use this field instead, since not all users need to have an email address defined in their profile.

I have tried using subject, full-email and local-part options for the oidc.user_id_method

I would also like to be able to use the scopes field to map to the @groupname.

Hm at the moment only email and subject are supported to derive the username from. Groups are not supported for OIDC at the moment.

Lets leave this here as a reminder to support more freely configuration for OIDC when the planned rewrite (sadly already planned for quite a time) happens.