mirror of
https://github.com/juanfont/headscale.git
synced 2025-10-23 11:19:19 +02:00
This patch includes some changes to the OIDC integration, in particular:

- Make sure that userinfo claims are queried *before* comparing the user with the configured allowed groups, email and email domain.
- Update user with group claim from the userinfo endpoint which is required for allowed groups to work correctly. This is essentially a continuation of #2545.
- Let userinfo claims take precedence over id token claims.

With these changes I have verified that Headscale works as expected together with Authelia without the documented escape hatch [0], i.e. everything works even if the id token only contains the iss and sub claims.

[0]: https://www.authelia.com/integration/openid-connect/headscale/#configuration-escape-hatch

| Name |
|---|
| change |
| testdata |
| api_key.go |
| common_test.go |
| common.go |
| config_test.go |
| config.go |
| const.go |
| node_test.go |
| node.go |
| policy.go |
| preauth_key_test.go |
| preauth_key.go |
| routes.go |
| types_clone.go |
| types_view.go |
| users_test.go |
| users.go |
| version.go |