Closed
Description
Describe the Bug
If the roles field in the response of the OIDC system is an empty array and a user tries to log in without an existing user in BookStack, they will get this error:
Steps to Reproduce
- Return an empty groups claim in the OIDC user response
- Try to log in without an existing user in BookStack
- Throw error
Expected Behaviour
User login succeeds and a new BookStack account is created with a default role if the groups claim is empty (it should be configurable by editing .env or the web UI?).
Screenshots or Additional Context
OIDC User info dump
```json
{
  "sub": "****",
  "name": "****",
  "picture": null,
  "updated_at": 1719400164865,
  "username": "****",
  "created_at": 1719398180979,
  "email": "****@****.com",
  "email_verified": true,
  "roles": [],
  "at_hash": "****",
  "aud": "ja7i8qdjfsn6asiwlce4o",
  "exp": 1720193283,
  "iat": 1720189683,
  "iss": "https://****/oidc"
}
```
.env
```
AUTH_METHOD=oidc
AUTH_AUTO_INITIATE=true
OIDC_NAME=****
OIDC_DISPLAY_NAME_CLAIMS=name
OIDC_CLIENT_ID=****
OIDC_CLIENT_SECRET=****
OIDC_ISSUER=https://****/oidc
OIDC_END_SESSION_ENDPOINT=true
OIDC_ISSUER_DISCOVER=true
OIDC_USER_TO_GROUPS=true
OIDC_GROUPS_CLAIM=roles
OIDC_ADDITIONAL_SCOPES=roles
OIDC_REMOVE_FROM_GROUPS=true
OIDC_DUMP_USER_DETAILS=false
```
Browser Details
Microsoft Edge 127.0.2651.15 Beta (64-bit) on Windows 11 24H2 (26120.961)
Exact BookStack Version
v24.05.2
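
The behaviour requested in the report, sketched as an added example (not BookStack's code and not the reporter's): a groups-claim resolver that treats an absent claim, an empty array and a malformed value as three different cases, and gives a new account a default role. The function names, the role map and the default role "viewer" are assumptions, and the claims are a constructed sample shaped like the dump above.

```python
from __future__ import annotations


class ClaimError(ValueError):
    """The groups claim is present but is not an array of strings."""


# Constructed sample shaped like the dump in the report (placeholder values).
SAMPLE_CLAIMS = {"sub": "user-1", "email": "user@example.com",
                 "email_verified": True, "roles": []}


def extract_groups(claims: dict, claim_name: str) -> list[str] | None:
    """Return None if the claim is absent or null, [] if the IdP asserts no groups."""
    if claims.get(claim_name) is None:
        return None
    value = claims[claim_name]
    if not isinstance(value, list) or not all(isinstance(g, str) for g in value):
        # Reject instead of coercing: a bare string must not become a group list.
        raise ClaimError(f"{claim_name!r} must be an array of strings")
    return value


def resolve_roles(claims, *, role_map, claim_name="roles", current_roles=(),
                  is_new_user=False, remove_from_groups=True,
                  default_role="viewer"):
    """Return the set of roles the account should hold after this login."""
    groups = extract_groups(claims, claim_name)
    if groups is None:
        # No group information in the token: leave existing roles untouched.
        roles = set(current_roles)
    else:
        # An empty array is valid input: it matches nothing, it is not an error.
        matched = {role_map[g.lower()] for g in groups if g.lower() in role_map}
        roles = matched if remove_from_groups else set(current_roles) | matched
    if is_new_user and not roles:
        # New account with no mapped group: lowest-privilege default, not a failure.
        roles.add(default_role)
    return roles


if __name__ == "__main__":
    role_map = {"admins": "admin", "editors": "editor"}
    print(resolve_roles(SAMPLE_CLAIMS, role_map=role_map, is_new_user=True))
```

With removal enabled, an empty array for an existing account yields an empty role set, so whether the default role should also apply there is a policy choice this sketch leaves to the caller.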