k-space/kube
10
1
Fork 3
Code Issues 32 Pull Requests Activity

Fix OIDCClients that need groups claim #49

New Issue
Open
opened 2024-08-26 20:15:27 +00:00 by eaas · 1 comment
eaas commented 2024-08-26 20:15:27 +00:00
Owner
Copy Link

Before, groups we're always included. Now, groups (and allowed_groups) are separate scopes. Reconfigure OIDCClients and applications. Use overrideIncomingScopes, if needed.

Before, groups we're always included. Now, groups (and allowed_groups) are separate scopes. Reconfigure OIDCClients and applications. Use overrideIncomingScopes, if needed.
eaas commented 2024-08-26 20:17:56 +00:00
Author
Owner
Copy Link

Desired OIDCClient for wiki.js (only returns one or many relevant groups for wiki):

---
apiVersion: codemowers.cloud/v1beta1
kind: OIDCClient
metadata:
  name: wiki
spec:
  displayName: Wiki
  uri: https://wiki.k-space.ee
  redirectUris:
    - https://wiki.k-space.ee/login/a4cdccdc-c879-4387-a64a-6584a02a85e9/callback
  allowedGroups:
    - k-space:floor
  grantTypes:
    - authorization_code
    - refresh_token
  responseTypes:
    - code
  availableScopes:
    - openid
    - profile
    - allowed_groups
  overrideIncomingScopes: true
  tokenEndpointAuthMethod: client_secret_post
  pkce: false
  secretRefreshPod:
    apiVersion: v1
    kind: Pod
     ....

@rasmus jfyi, will let you know when passmower updated and wikijs client configured

Desired OIDCClient for wiki.js (only returns one or many relevant groups for wiki): ``` --- apiVersion: codemowers.cloud/v1beta1 kind: OIDCClient metadata: name: wiki spec: displayName: Wiki uri: https://wiki.k-space.ee redirectUris: - https://wiki.k-space.ee/login/a4cdccdc-c879-4387-a64a-6584a02a85e9/callback allowedGroups: - k-space:floor grantTypes: - authorization_code - refresh_token responseTypes: - code availableScopes: - openid - profile - allowed_groups overrideIncomingScopes: true tokenEndpointAuthMethod: client_secret_post pkce: false secretRefreshPod: apiVersion: v1 kind: Pod .... ``` @rasmus jfyi, will let you know when passmower updated and wikijs client configured
👍 1
Sign in to join this conversation.
No Branch/Tag Specified
Branches Tags
Labels
Clear labels   
new app

shiny

  
greenlit

The stars have aligned: Orders have arrived, plan has been laid, only hands are needed. Just do it!

No Label
new app
greenlit
Milestone
Clear milestone
No items
No Milestone
Projects
Clear projects
No project
Assignees
Clear assignees
No Assignees
1 Participants
Notifications
Due Date
The due date is invalid or out of range. Please use the format 'yyyy-mm-dd'.

No due date set.

Dependencies

No dependencies set.

Reference: k-space/kube#49
No description provided.
Delete Branch "%!s()"

Deleting a branch is permanent. Although the deleted branch may continue to exist for a short time before it actually gets removed, it CANNOT be undone in most cases. Continue?