mirror of
https://github.com/warp-tech/warpgate.git
synced 2024-09-20 06:46:17 +08:00
916d51a4e8
This is done using the `role_mappings` property.
Roles to be mapped are gotten from the 'warp_groups` oidc claim:
```sso_providers:
- name: custom_sso
label: Custom SSO
provider:
type: custom
client_id: <client_id>
client_secret: <client_secret>
issuer_url: <issuer_url>
scopes: ["email", "profile", "openid", "warp_groups"] #warp_groups is scope name to request for my demo case, which adds a "warpgate_groups" claim to the userinfo
role_mappings:
- ["warpgate:admin", "warpgate:admin"]
```
This maps the `warpgate:admin` group from OIDC to the `warpgate:admin`
role.
This [video on YouTube](https://youtu.be/XCYSGGCgk9Q) demonstrates the
functionality
---------
Co-authored-by: Eugene <inbox@null.page>
24 lines
731 B
JSON
24 lines
731 B
JSON
[
|
|
{
|
|
"ClientId": "client-credentials-mock-client",
|
|
"ClientSecrets": ["client-credentials-mock-client-secret"],
|
|
"Description": "Client for client credentials flow",
|
|
"AllowedGrantTypes": ["client_credentials", "authorization_code"],
|
|
"AllowedScopes": ["openid", "profile", "email", "warpgate-scope"],
|
|
"RedirectUris": ["https://127.0.0.1:8888/@warpgate/api/sso/return"],
|
|
"ClientClaimsPrefix": "",
|
|
"Claims": [
|
|
{
|
|
"Type": "string_claim",
|
|
"Value": "string_claim_value",
|
|
"ValueType": "string"
|
|
},
|
|
{
|
|
"Type": "json_claim",
|
|
"Value": "[\"value1\", \"value2\"]",
|
|
"ValueType": "json"
|
|
}
|
|
]
|
|
}
|
|
]
|