[Feature Request] Assign teams from OpenID Connect claims #950

New Issue

EternalDeiwos · 2021-08-17T19:11:05Z

EternalDeiwos commented

2021-08-17 19:11:05 +00:00

It would be fantastic to optionally add users to teams based on provided claims (if they are available/configured).

🎉 1

konrad commented

2021-08-17 19:22:17 +00:00

Would you do that with a custom claim in the id token or by some logic based on the existing claims?

How would you specify the team users get added to?

Would you do that with a custom claim in the id token or by some logic based on the existing claims? How would you specify the team users get added to?

konrad added the

kind/feature

label 2021-08-17 19:22:38 +00:00

EternalDeiwos commented

2021-08-18 05:15:12 +00:00

Poster

It would probably be a custom claim. None of the standard OIDC claims are viable. If you had a "groups" claim (either string or array of strings) then it should add users to each of the corresponding teams or create the teams if they don't exist.

I'd recommend having an environment variable that configures which claim Vikunja looks for, as different IdPs will provide similar values but under different claim names.

This could be for either ID token or the user info endpoint.

It would probably be a custom claim. None of the standard OIDC claims are viable. If you had a "groups" claim (either string or array of strings) then it should add users to each of the corresponding teams or create the teams if they don't exist. I'd recommend having an environment variable that configures which claim Vikunja looks for, as different IdPs will provide similar values but under different claim names. This could be for either ID token or the user info endpoint.

konrad commented

2021-08-18 15:14:53 +00:00

That makes sense. You would probably need to pass in the id of the team and not the name because names aren't unique.

xeruf commented

2022-07-13 11:21:09 +00:00

Yes please! I now have to prompt all people to log in so I can assign them to the team, which is rather annoying.

An option to share something for everyone on the instance would be handy here, too.

Yes please! I now have to prompt all people to log in so I can assign them to the team, which is rather annoying. An option to share something for everyone on the instance would be handy here, too.

viehlieb referenced this issue

2022-10-12 13:19:50 +00:00

WIP: introduce functionality to assign/create team via group claim #1279

viehlieb commented

2022-10-12 13:21:17 +00:00

Hello. I am currently working on that feature.

there are several specifications that need to be adressed:
#1393

Hello. I am currently working on that feature. there are several specifications that need to be adressed: https://kolaente.dev/vikunja/api/pulls/1393

🎉 2

viehlieb referenced this issue

2023-02-10 21:30:09 +00:00

feat: assign users to teams via OIDC claims #1393