Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

OIDC Enhancements #5637

Open
wants to merge 4 commits into
base: master
Choose a base branch
from
Open

OIDC Enhancements #5637

wants to merge 4 commits into from

Conversation

kumo-rn5s
Copy link
Contributor

@kumo-rn5s kumo-rn5s commented Mar 8, 2025
edited
Loading

What this PR does:

  • Adds support for custom claim keys for roles, usernames, and avatar URLs in OIDC configuration.
  • Enables the use of custom authorization, token, and user info endpoints.
  • Allows the OIDC client to retrieve additional user information from the UserInfo endpoint.
  • Adds an example for the Okta provider.

Why we need it:

  • Provides greater flexibility in configuring OIDC providers, especially when the default claim keys or endpoints do not match the user's setup.
  • Ensures the OIDC client can retrieve more user information from the UserInfo endpoint.
  • Enhances compatibility with various OIDC providers.

Which issue(s) this PR fixes:
Fixes #5330

Does this PR introduce a user-facing change?:
Yes

  • How are users affected by this change:

    • Users can now specify custom claim keys for roles, usernames, and avatar URLs in their OIDC configuration. They can also set custom endpoints for authorization, token, and user info.
    • The UserInfo endpoint will be automatically used to get additional claim fields.
    • Users can now specify custom userinfo/authorize/token endpoints on the prerequisites of issuer discovery.

  • Is this a breaking change:
    No

  • How to migrate (if breaking change):
    Not applicable

@kumo-rn5s kumo-rn5s force-pushed the auth/oidc-expansion branch from fc3352a to 00324ea Compare March 8, 2025 15:57
@kumo-rn5s kumo-rn5s changed the title OIDC expansion OIDC Enhancements Mar 8, 2025
@t-kikuc t-kikuc self-assigned this Mar 9, 2025
@t-kikuc
Copy link
Member

t-kikuc commented Mar 10, 2025

Thank you! Let me check for some weeks

@t-kikuc t-kikuc mentioned this pull request Mar 10, 2025
Open
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@khanhtc1202 khanhtc1202 Awaiting requested review from khanhtc1202 khanhtc1202 is a code owner

@ffjlabo ffjlabo Awaiting requested review from ffjlabo ffjlabo is a code owner

@t-kikuc t-kikuc Awaiting requested review from t-kikuc t-kikuc is a code owner

@Warashi Warashi Awaiting requested review from Warashi Warashi is a code owner

At least 2 approving reviews are required to merge this pull request.

Assignees

@t-kikuc t-kikuc

Labels
area/go area/web
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.

Support userinfo endpoint for Generic OIDC SSO
2 participants
@kumo-rn5s @t-kikuc