
Question: SSO using Google OpenID requires organization scope

Open xBlaz3kx opened this issue 10 months ago • 2 comments

I'm trying out Parcelvoy for myself and I've configured SSO using OpenID for Google; however, I cannot log in/register because the app requires the organization scope.

Is this a hard requirement for the app? Maybe it should allow creating an org even without Google workspaces?

xBlaz3kx avatar Apr 24 '25 09:04 xBlaz3kx

Not exactly sure what you are talking about; the only scopes required for OpenID are openid email profile, which are common to all OpenID login methods. Are you sure you have it configured correctly and that is the problem? That said, I would not recommend using OpenID unless you are constraining it to a domain; otherwise you are leaving your installation open to anyone creating an account and using it. For Google this means having a Google Workspace account so you can restrict to your domain.

pushchris avatar Apr 24 '25 23:04 pushchris
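
The domain restriction recommended in the comment above, as an added example that is not Parcelvoy's code and not written by either commenter: a server-side check of Google ID token claims against an allowlist of Workspace domains. It assumes an OIDC library has already verified the token's signature, `iss`, `aud` and `exp`; the function, type and sample names are hypothetical, and requiring the e-mail domain to be on the allowlist is a policy choice of this example.

```typescript
// Claim names are Google's ID token claims; every other name here is hypothetical.
interface GoogleIdClaims {
    email?: string
    email_verified?: boolean
    hd?: string // hosted (Workspace) domain; absent on consumer gmail.com accounts
}

interface DomainDecision { allowed: boolean; reason: string }

// Call only after an OIDC library has verified signature, iss, aud and exp.
function checkWorkspaceDomain(claims: GoogleIdClaims, allowedDomains: string[]): DomainDecision {
    const allowed = allowedDomains.map(d => d.trim().toLowerCase())
    const isAllowed = (d: string): boolean => d !== '' && allowed.indexOf(d) !== -1

    // The hd request parameter only filters the account chooser; the claim in
    // the signed token is what has to be checked server-side.
    const hd = (claims.hd || '').toLowerCase()
    if (hd === '') return { allowed: false, reason: 'no hd claim' }
    if (!isAllowed(hd)) return { allowed: false, reason: 'hd not in allowlist' }
    if (claims.email_verified !== true) return { allowed: false, reason: 'email not verified' }

    // Exact comparison on the part after the last "@": a suffix test would
    // accept look-alike domains such as "notexample.com".
    const email = (claims.email || '').toLowerCase()
    const at = email.lastIndexOf('@')
    const emailDomain = at > 0 ? email.slice(at + 1) : ''
    if (!isAllowed(emailDomain)) return { allowed: false, reason: 'email domain not in allowlist' }
    return { allowed: true, reason: 'ok' }
}

// Constructed sample claims (not real tokens).
const SAMPLE_CLAIMS: GoogleIdClaims[] = [
    { email: 'alice@example.com', email_verified: true, hd: 'example.com' },
    { email: 'bob@gmail.com', email_verified: true },
    { email: 'carol@notexample.com', email_verified: true, hd: 'notexample.com' },
    { email: 'dave@example.com', email_verified: false, hd: 'example.com' },
]

function decideSamples(): string[] {
    return SAMPLE_CLAIMS.map(c => checkWorkspaceDomain(c, ['example.com']).reason)
}

console.log(decideSamples())
```
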

I configured it according to the docs, but when I attempted to log in with Google, I got a 400 bad request, missing organization scope.

AUTH_DRIVER=google
AUTH_GOOGLE_CLIENT_ID=<client_id>
AUTH_GOOGLE_CLIENT_SECRET=<secret>
AUTH_GOOGLE_NAME=Google

Configuring it with multiple auth drivers seems to work fine though.

xBlaz3kx avatar Apr 26 '25 10:04 xBlaz3kx