yorick/pics
1
0
Fork 0
forked from Public/pics
Code Pull Requests Activity

Match OIDC users by sub claim, auto-enroll, sync admin from groups

Browse Source 
Switch from email-based OIDC matching to the stable `sub` claim.
Existing users are migrated by email on first login, new users are
auto-enrolled from OIDC claims, and admin status is synced from the
IdP's groups claim. Also expose oidc_sub on the admin edit-user page.

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
This commit is contained in:
Yorick van Pelt
2026-02-15 19:37:14 +01:00
parent a361df2668
commit 555a3dbb95
7 changed files with 130 additions and 16 deletions
Download Patch File Download Diff File Expand all files Collapse all files

3
schema.sqlite.sql
View File

@@ -19,7 +19,8 @@ CREATE TABLE IF NOT EXISTS users (
ip_address TEXT,
is_admin INTEGER NOT NULL DEFAULT 0,
reset_key TEXT,
reset_blocked_until INTEGER
reset_blocked_until INTEGER,
oidc_sub TEXT UNIQUE
);
CREATE TABLE IF NOT EXISTS assets (