feat: OIDC role mapping #9982
Open
feat: OIDC role mapping #9982
Conversation
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
dosubot
bot
added
the
size:XXL
RogerHYang
force-pushed
the
oidc-role-mapping
branch
from
76e543f to
a7e7a51
Compare
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
1 participant
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
resolves #9481
resolves #9888
Note
Adds OIDC role-to-Phoenix role mapping (ADMIN/MEMBER/VIEWER) via env-configured claim path and strict mode, applying/syncing roles on login with extensive tests.
OAuth2UserRoleName(ADMIN|MEMBER|VIEWER) and rejectSYSTEMfor OAuth2.ROLE_ATTRIBUTE_PATH,ROLE_MAPPING,ROLE_ATTRIBUTE_STRICTinOAuth2ClientConfig.from_envwith robust validation.OAuth2Clientto extract role via JMESPath, map/validate roles, and honor strict/non-strict behavior; extendhas_sufficient_claimsto consider roles.oauth2.py): validate ID token errors, validate access, extract/map role, and assign/sync role on sign-in/create (preserve role when mapping disabled).tests/integration/auth/test_oidc.py.roleclaims and new env cases.Written by Cursor Bugbot for commit a7e7a51. This will update automatically on new commits. Configure here.