passport-openidconnect

Feature: Support groups

Open mstrhakr opened this issue 3 years ago • 7 comments

This small addition allows for groups to be passed back as part of the profile.

This is tested and working with a combination of Meshcentral and Authelia

closes #100

mstrhakr, Sep 05 '22 17:09

Hi @jaredhanson, do you plan to merge this anytime soon? Really hoping we can get this through; otherwise, I'll have to find another approach. (cc: @mstrhakr )

kyler-rosquist-d, Jan 04 '23 19:01

:+1: this is useful for us too. @jaredhanson (CC: @mstrhakr)

krishnadubagunta, Jan 31 '23 16:01

openid-client supports scopes and worked well for me. @krishnadubagunta

kyler-rosquist-d, Feb 01 '23 16:02

As a rule, I don't merge pull requests that lack corresponding tests. I'll merge this if tests are added, otherwise it'll have to wait until I have time to write the tests.

I'd also like to see examples of how Meshcentral, Authelia, and other IDPs are encoding the group claim. Just as Passport normalizes the user profile, the group claim should be normalized to a well-defined structure as well. The group claim defined by the JWT Profile for Access Tokens (RFC 9068) would make a good option for normalization.

jaredhanson, Feb 01 '23 17:02
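Added example, not from the thread or from passport-openidconnect: one way the normalization requested in the comment above could look, mapping a raw `groups` claim onto the `value`/`display` sub-attributes of the SCIM `groups` attribute (RFC 7643 section 4.1.2) that RFC 9068 points to. The function name `normalizeGroups` and the sample claims are assumptions constructed for illustration.

```javascript
// Hypothetical helper (not part of passport-openidconnect): turn a raw
// `groups` claim into [{ value, display? }], the shape of the SCIM User
// `groups` attribute (RFC 7643 section 4.1.2) that RFC 9068 refers to.
function normalizeGroups(raw) {
  if (raw === undefined || raw === null) return [];
  // A lone string is treated as ONE group. It is never split on commas or
  // spaces: a name such as "ops, admins" must not turn into "admins".
  const items = Array.isArray(raw) ? raw : [raw];
  const seen = new Set();
  const out = [];
  for (const item of items) {
    let entry;
    if (typeof item === 'string') {
      entry = { value: item };
    } else if (item !== null && typeof item === 'object' &&
               !Array.isArray(item) && typeof item.value === 'string') {
      // Keep only the sub-attributes the profile needs; drop $ref and others.
      entry = { value: item.value };
      if (typeof item.display === 'string') entry.display = item.display;
    } else {
      // Fail closed: groups feed authorization decisions, so an entry of an
      // unexpected type is an error rather than something to coerce.
      throw new TypeError('unsupported groups claim entry: ' + typeof item);
    }
    if (entry.value === '') throw new TypeError('empty group value');
    if (seen.has(entry.value)) continue; // drop exact duplicates
    seen.add(entry.value);
    out.push(entry);
  }
  return out;
}

// Constructed sample claims (not captured from any real IdP).
const samples = {
  arrayOfStrings: ['admins', 'dev', 'admins'],
  singleString: 'ops, admins',
  scimObjects: [{ value: 'a1b2', display: 'Admins', $ref: 'https://idp.example/Groups/a1b2' }],
};
for (const [name, claim] of Object.entries(samples)) {
  console.log(name, JSON.stringify(normalizeGroups(claim)));
}
```

Group values are compared exactly, with no case folding or trimming, so the application's authorization checks see the same string the IdP issued.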

> As a rule, I don't merge pull requests that lack corresponding tests. I'll merge this if tests are added, otherwise it'll have to wait until I have time to write the tests.
>
> I'd also like to see examples of how Meshcentral, Authelia, and other IDPs are encoding the group claim. Just as Passport normalizes the user profile, the group claim should be normalized to a well-defined structure as well. The group claim defined by the JWT Profile for Access Tokens (RFC 9068) would make a good option for normalization.

I'm not a real programmer but can take a crack at these tests, assuming I can base them on the current tests. I don't have nearly the free time I used to but it can't be that hard to write the tests (famous last words haha).

I'll check out the documentation you provided for cleaning up the data, I don't actually remember how it gets pulled in so I'll need some time to figure it all out again.

Happy to get the requirements though so thanks for the response!

mstrhakr, Feb 06 '23 21:02

This change made groups claims work using Entra ID's OAuth2 on Wiki.js (using passport). It would be nice to have it implemented so we don't need to manually change the files.

GegudeBR, Jun 03 '24 17:06

+1

UltimatumGamer, Jul 07 '24 11:07