feat: assign users to teams via OIDC claims #1393
@ -208,10 +208,19 @@ func HandleCallback(c echo.Context) error {
}
// does the oidc token contain well formed "vikunja_groups" through vikunja_scope
viehlieb marked this conversation as resolved
Outdated
teamData, errs := getTeamDataFromToken(cl.VikunjaGroups, provider)
if teamData != nil {
for _, err := range errs {
log.Errorf("Error creating teams for user and vikunja groups %s: %v", cl.VikunjaGroups, err)
teamData, err := getTeamDataFromToken(cl.VikunjaGroups, provider)
if err != nil {
log.Errorf("Error creating teams for user and vikunja groups %s: %v", cl.VikunjaGroups, err)
return handler.HandleHTTPError(err, c)
}
// check if we have seen these teams before.
viehlieb marked this conversation as resolved
Outdated
konrad commented:
Please don't ignore the error.
// find or create Teams and assign user as teammember.
if len(teamData) > 0 {
viehlieb marked this conversation as resolved
Outdated
konrad commented:
Please don't call this "Sign out". That's a different thing.
log.Debugf("TeamData is set %v", teamData)
teams, err := GetOrCreateTeamsByOIDCAndNames(s, teamData, u)
if err != nil {
log.Errorf("Error verifying team for name %v, got %v", cl.Name, teams, err)
return err
}
konrad marked this conversation as resolved
Outdated
konrad commented:
Doing this every time a user logs in probably has performance implications but that's a problem to care about when we'll hit it in the wild.
viehlieb commented:
Only if it has teamIDsToLeave, but yeah I agree.
The problem is more the oidc structure itself, that you "have" to check for changes "every time" you sign in.
//find old teams for user through oidc
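Review bot: the log.Errorf call after GetOrCreateTeamsByOIDCAndNames passes three arguments (cl.Name, teams, err) to a format string with only two %v verbs, so err is never formatted in its own slot; add a third verb, for example "Error verifying team for name %v, got %v: %v". That same branch ends with a bare "return err", while the getTeamDataFromToken error path returns handler.HandleHTTPError(err, c); wrapping both the same way would make the callback respond consistently when team assignment from the OIDC claim fails.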
Typo: team and oidc should be lowercase. Please check the other log messages as well for typos, I've seen a few more like this.