Open
Description
🔖 Feature description
Because we now have Generic OAuth, it could be great to have some groups_mappings and dedicated attributes for organisations like

Must:
- create org if not exists => easy to bootstrap with a GitOps strategy with this
- map user with dedicated org to corresponding Role
```yaml
POSTIZ_OAUTH_GROUPS_MAPPING: "user:postiz_user,admin:postiz_admin"
POSTIZ_OAUTH_ORGANISATION_ATTRIBUTES: "organizations"
POSTIZ_OAUTH_SCOPE: "openid profile email postiz"
```

```yaml
POSTIZ_OAUTH_GROUPS_MAPPING: "<builtin_role>:<OIDC_mapping>"
POSTIZ_OAUTH_ORGANISATION_ATTRIBUTES: "organizations"  # => link organisations to users as an array
POSTIZ_OAUTH_SCOPE: "openid profile email postiz"      # => custom scope possibilities
```
Provider attributes object example:

```json
{
  "iss": "https://auth.domain.com/application/o/postiz/",
  "sub": "redacted",
  "aud": "redacted",
  "exp": 1747084328,
  "iat": 1747082528,
  "auth_time": 1747082528,
  "acr": "goauthentik.io/providers/oauth2/default",
  "email": "[email protected]",
  "email_verified": true,
  "organizations": [
    "Org1",
    "Org2"
  ],
  "name": "Foo Bar",
  "given_name": "Foo Bar",
  "preferred_username": "fBar",
  "nickname": "fbar",
  "groups": [
    "postiz_user"
  ]
}
```
🎤 Why is this feature needed ?
I think this could be essential when you want to manage users from an SSO; it can be extended to any OAuth provider (GITHUB/GOOGLE/GENERIC).
✌️ How do you aim to achieve this?
We should have a dedicated service for providers that could match and link scope/attributes to DTO, and maybe remove the Org form on new sign-in when using OIDC providers?
🔄️ Additional Information
No response
👀 Have you spent some time to check if this feature request has been raised before?
- I checked and didn't find similar issue
Are you willing to submit PR?
None
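
One way the mapping proposed in this issue could be evaluated, as an added example that is not part of the original issue or of Postiz's code: it parses the `POSTIZ_OAUTH_GROUPS_MAPPING` string and resolves the token claims shown above to a role and an organisation list. The function names, the `user`/`admin` role set, choosing the highest mapped role, and denying access when no group maps are assumptions of this example.

```typescript
// Added example: names are hypothetical; this is not Postiz code.
type Role = "user" | "admin";
const ROLES: Role[] = ["user", "admin"]; // ordered lowest to highest privilege
interface Access { role: Role; organisations: string[]; }

// Parse "<builtin_role>:<OIDC_mapping>,..." into a group -> role table.
// Fail closed at startup on any malformed entry or unknown role name.
function parseGroupsMapping(raw: string): Record<string, Role> {
  const table: Record<string, Role> = Object.create(null); // no inherited keys
  for (const entry of raw.split(",")) {
    const parts = entry.split(":").map((s) => s.trim());
    const role = parts[0] as Role;
    const group = parts[1];
    if (parts.length !== 2 || !group || ROLES.indexOf(role) < 0) {
      throw new Error(`invalid groups mapping entry: "${entry}"`);
    }
    table[group] = role;
  }
  return table;
}

// Keep only distinct, non-empty string members of a claim expected to be an array.
function stringList(value: unknown): string[] {
  if (!Array.isArray(value)) return [];
  const out: string[] = [];
  for (const v of value) {
    if (typeof v === "string" && v.trim() !== "" && out.indexOf(v) < 0) out.push(v);
  }
  return out;
}

// Resolve claims to a role and organisation list; null means "no access".
function resolveAccess(
  claims: Record<string, unknown>,
  mapping: Record<string, Role>,
  orgAttribute: string,
): Access | null {
  let role: Role | null = null;
  for (const group of stringList(claims["groups"])) {
    const mapped = mapping[group];
    if (mapped && (role === null || ROLES.indexOf(mapped) > ROLES.indexOf(role))) role = mapped;
  }
  if (role === null) return null; // no mapped group: deny instead of defaulting to a role
  return { role, organisations: stringList(claims[orgAttribute]) };
}

// Constructed sample, trimmed from the claims object in the issue.
const sampleClaims = { groups: ["postiz_user"], organizations: ["Org1", "Org2"] };
const sampleAccess = resolveAccess(sampleClaims, parseGroupsMapping("user:postiz_user,admin:postiz_admin"), "organizations");
```

The claims passed in are assumed to come from an ID token whose signature, `iss`, `aud` and `exp` have already been validated.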