OIDC: Support Generic OAuth org to role mappings (#87394)

* Social: link to OrgRoleMapper * OIDC: support Generic Oauth org to role mappings Fixes: #73448 Signed-off-by: Mathieu Parent <math.parent@gmail.com> * Handle when getAllOrgs fails in the org_role_mapper * Add more tests * OIDC: ensure orgs are evaluated from API when not from token Signed-off-by: Mathieu Parent <math.parent@gmail.com> * OIDC: ensure AutoAssignOrg is applied with OrgMapping without RoleAttributeStrict Signed-off-by: Mathieu Parent <math.parent@gmail.com> * Extend docs * Fix test, lint --------- Signed-off-by: Mathieu Parent <math.parent@gmail.com> Co-authored-by: Mihaly Gyongyosi <mgyongyosi@users.noreply.github.com>
2025-02-25 18:55:37 -06:00 · 2024-05-23 09:55:45 +02:00
parent 42126398be
commit b8c9ae0eb7
27 changed files with 673 additions and 359 deletions
--- a/conf/defaults.ini
+++ b/conf/defaults.ini
@@ -807,6 +807,8 @@ login_attribute_path =
 name_attribute_path =
 role_attribute_path =
 role_attribute_strict = false
+org_attribute_path =
+org_mapping =
 groups_attribute_path =
 id_token_attribute_name =
 team_ids_attribute_path =
--- a/conf/sample.ini
+++ b/conf/sample.ini
@@ -742,6 +742,8 @@
 ;allowed_organizations =
 ;role_attribute_path =
 ;role_attribute_strict = false
+;org_attribute_path =
+;org_mapping =
 ;groups_attribute_path =
 ;team_ids_attribute_path =
 ;tls_skip_verify_insecure = false