forked from Public/pics
Match OIDC users by sub claim, auto-enroll, sync admin from groups
Switch from email-based OIDC matching to the stable `sub` claim. Existing users are migrated by email on first login, new users are auto-enrolled from OIDC claims, and admin status is synced from the IdP's groups claim. Also expose oidc_sub on the admin edit-user page. Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
This commit is contained in:
@@ -40,3 +40,4 @@ const OIDC_PROVIDER_URL = ''; // e.g. 'https://kanidm.example.com/oauth2/op
|
||||
const OIDC_CLIENT_ID = '';
|
||||
const OIDC_CLIENT_SECRET = '';
|
||||
const OIDC_PROVIDER_NAME = ''; // e.g. 'Kanidm' — used as button label
|
||||
const OIDC_ADMIN_GROUP = ''; // OIDC group claim value that grants admin, e.g. 'pics_admins'
|
||||
|
||||
Reference in New Issue
Block a user