From 79d18e1b6f9cb303b27b3fce26ed950f3b7e1d7a Mon Sep 17 00:00:00 2001
From: rasmus <rasmus@k-space.ee>
Date: Sat, 31 Jan 2026 23:13:24 +0200
Subject: [PATCH] wiki: map groups

---
 wiki/application.yaml | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)

diff --git a/wiki/application.yaml b/wiki/application.yaml
index 08e408a..2f263a1 100644
--- a/wiki/application.yaml
+++ b/wiki/application.yaml
@@ -18,6 +18,7 @@ spec:
   availableScopes:
     - openid
     - profile
+    - groups
   tokenEndpointAuthMethod: client_secret_post
   pkce: false
   secretRefreshPod:
@@ -42,7 +43,7 @@ spec:
           command:
             - /bin/bash
             - -c
-            - jq '{"strategyKey":"oidc","config":{"clientId":$ENV.OIDC_CLIENT_ID,"clientSecret":$ENV.OIDC_CLIENT_SECRET,"authorizationURL":$ENV.OIDC_IDP_AUTH_URI,"tokenURL":$ENV.OIDC_IDP_TOKEN_URI,"userInfoURL":$ENV.OIDC_IDP_USERINFO_URI,"skipUserProfile":false,"issuer":$ENV.OIDC_IDP_URI,"emailClaim":"email","displayNameClaim":"name","mapGroups":false,"groupsClaim":"groups","logoutURL":$ENV.OIDC_IDP_URI,"acrValues":""}} | "UPDATE authentication SET config=\(.config|tostring|@sh) WHERE strategyKey=\(.strategyKey|tostring|@sh) LIMIT 1"' -n -r > /tmp/update.sql
+            - jq '{"strategyKey":"oidc","config":{"clientId":$ENV.OIDC_CLIENT_ID,"clientSecret":$ENV.OIDC_CLIENT_SECRET,"authorizationURL":$ENV.OIDC_IDP_AUTH_URI,"tokenURL":$ENV.OIDC_IDP_TOKEN_URI,"userInfoURL":$ENV.OIDC_IDP_USERINFO_URI,"skipUserProfile":false,"issuer":$ENV.OIDC_IDP_URI,"emailClaim":"email","displayNameClaim":"name","mapGroups":true,"groupsClaim":"groups","logoutURL":$ENV.OIDC_IDP_URI,"acrValues":""}} | "UPDATE authentication SET config=\(.config|tostring|@sh) WHERE strategyKey=\(.strategyKey|tostring|@sh) LIMIT 1"' -n -r > /tmp/update.sql
       containers:
         - name: mysql
           image: mirror.gcr.io/library/mysql