Add support for additional ID token claim checks for OAuth 2 authentication. #6736

Everton Seiei Arakaki
2023-09-05 07:58:18 +02:00
committed by GitHub
parent e5c249e81c
commit 02eaf787e9
4 changed files with 136 additions and 0 deletions


@@ -12,6 +12,10 @@ installed in Server mode. You can copy these settings from *config.py* file
and modify the values for the following parameters:
.. _AzureAD: https://learn.microsoft.com/en-us/security/zero-trust/develop/configure-tokens-group-claims-app-roles
.. _GitLab: https://docs.gitlab.com/ee/integration/openid_connect_provider.html#shared-information
.. csv-table::
:header: "**Parameter**", "**Description**"
:class: longtable
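Review bot: The two hyperlink targets (`.. _AzureAD:` and `.. _GitLab:`) sit between the sentence ending "the following parameters:" and the `.. csv-table::` that sentence introduces, which separates the lead-in from its table in the source. Consider moving them below the table or to the end of the file, closer to the OAUTH2_ADDITIONAL_CLAIMS row that references them. The GitLab target pins an `/ee/` path and a `#shared-information` anchor, so it is worth confirming the link resolves in the built docs.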
@@ -39,6 +43,9 @@ and modify the values for the following parameters:
"OAUTH2_AUTO_CREATE_USER", "Set the value to *True* if you want to automatically
create a pgAdmin user corresponding to a successfully authenticated Oauth2 user.
Please note that password is not stored in the pgAdmin database."
"OAUTH2_ADDITIONAL_CLAIMS", "If a dictionary is provided, pgAdmin will check for a matching key and value on the user profile.
In case the profile does not have any match with the provided config, the user will receive an authorization error.
Useful for checking AzureAD_ *wids* or *groups*, GitLab_ *owner*, *maintainer* and *reporter* claims."
Redirect URL
============
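Review bot: The OAUTH2_ADDITIONAL_CLAIMS description leaves the match semantics open, and because this setting decides who may log in it should be explicit. "does not have any match with the provided config" reads as any-of across the dictionary entries; say whether one matching key is enough or every key must match, and how a list-valued claim such as *groups* or *wids* is compared with the configured value (membership or equality). The row also says the check runs on the "user profile" while the commit title says ID token claims, so name the source that is actually checked. Please also state what happens when the setting is left unset and add a short example dictionary to the row.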