
OIDC groups claim ignored

Open duemila2 opened this issue 11 months ago • 0 comments

OAuth2-Proxy Version

v7.6.0

Provider

oidc

Expected Behaviour

I would like to authorize only JWT tokens having a groups claim called "app_groups" containing the value "prefect", for example:

"app_groups": [
    "ml-flow",
    "prefect"
  ]

I've tried the following different configurations:

  • set environment variable OAUTH2_PROXY_OIDC_GROUPS_CLAIM=app_groups
  • set environment variable OAUTH2_PROXY_OIDC_GROUPS_CLAIM="app_groups"
  • pass command line argument --oidc-groups-claim=app_groups
  • pass command line argument --oidc-groups-claim="app_groups"

and I expected that the token is validated, because I also set the env var OAUTH2_PROXY_ALLOWED_GROUPS=prefect

Current Behaviour

In all of these cases the validation of the token doesn't work. Instead, if I insert the groups into a claim called "groups", the validation of the token goes well. So I suspect that the oidc-groups-claim env var or arguments are ignored, or that I set them wrong.

Could you please help me to analyze the issue?

Thank you very much

Steps To Reproduce

  • set environment variable OAUTH2_PROXY_OIDC_GROUPS_CLAIM=app_groups or
  • set environment variable OAUTH2_PROXY_OIDC_GROUPS_CLAIM="app_groups" or
  • pass command line argument --oidc-groups-claim=app_groups or
  • pass command line argument --oidc-groups-claim="app_groups" or

and set OAUTH2_PROXY_ALLOWED_GROUPS=prefect, then try to pass a token having a claim:

"app_groups": [
    "ml-flow",
    "prefect"
  ]

Possible Solutions

No response

Configuration details or additional information

No response

duemila2 avatar Feb 27 '24 16:02 duemila2
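
A diagnostic for the setup described in this issue, added here as an example (it is not part of the original report and is not oauth2-proxy code): it decodes a token's payload without verifying the signature and reports whether the configured groups claim holds an allowed group. The function names and the sample token are constructed for illustration.

```python
import base64
import json


def jwt_claims(token):
    """Decode the payload of a compact JWT. No signature check: diagnostics only."""
    parts = token.split(".")
    if len(parts) != 3:
        raise ValueError("expected three dot-separated parts (header.payload.signature)")
    payload = parts[1] + "=" * (-len(parts[1]) % 4)  # restore base64url padding
    return json.loads(base64.urlsafe_b64decode(payload))


def groups_from(claims, claim_name):
    """Return the groups under claim_name as a list of strings, [] if absent."""
    value = claims.get(claim_name)
    if value is None:
        return []
    if isinstance(value, str):  # some providers emit a single string, not a list
        return [value]
    if isinstance(value, list):
        return [str(v) for v in value]
    raise TypeError(f"claim {claim_name!r} has unsupported type {type(value).__name__}")


def diagnose(token, claim_name, allowed):
    """Report what the token carries for the configured claim and for 'groups'."""
    claims = jwt_claims(token)
    found = groups_from(claims, claim_name)
    return {
        "claim_present": claim_name in claims,
        "groups": found,
        "matched": sorted(set(found) & set(allowed)),
        "groups_claim_present": "groups" in claims,  # the name the report says works
    }


def make_sample_token(payload):
    """Build a constructed token with a placeholder signature (sample input only)."""
    def enc(obj):
        raw = json.dumps(obj).encode()
        return base64.urlsafe_b64encode(raw).rstrip(b"=").decode()
    return ".".join([enc({"alg": "RS256", "typ": "JWT"}), enc(payload), "placeholder-sig"])


# Constructed sample matching the claim shown in the issue.
SAMPLE_TOKEN = make_sample_token({"sub": "user-1", "app_groups": ["ml-flow", "prefect"]})

if __name__ == "__main__":
    print(diagnose(SAMPLE_TOKEN, "app_groups", ["prefect"]))
```

Run it against each token the deployment handles (for example the ID token and any bearer token sent to the proxy) to see which of them actually carries `app_groups`.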