mirror of
https://github.com/juanfont/headscale.git
synced 2025-10-19 11:15:48 +02:00
5d8a2c25ea
This patch includes some changes to the OIDC integration in particular: - Make sure that userinfo claims are queried *before* comparing the user with the configured allowed groups, email and email domain. - Update user with group claim from the userinfo endpoint which is required for allowed groups to work correctly. This is essentially a continuation of #2545. - Let userinfo claims take precedence over id token claims. With these changes I have verified that Headscale works as expected together with Authelia without the documented escape hatch [0], i.e. everything works even if the id token only contain the iss and sub claims. [0]: https://www.authelia.com/integration/openid-connect/headscale/#configuration-escape-hatch |
||
|---|---|---|
| .. | ||
| assets | ||
| capver | ||
| db | ||
| derp | ||
| dns | ||
| mapper | ||
| policy | ||
| routes | ||
| state | ||
| templates | ||
| types | ||
| util | ||
| app.go | ||
| auth.go | ||
| debug.go | ||
| grpcv1_test.go | ||
| grpcv1.go | ||
| handlers.go | ||
| metrics.go | ||
| noise.go | ||
| oidc.go | ||
| platform_config.go | ||
| poll.go | ||
| suite_test.go | ||
| tailsql.go | ||