feat: implement google group claim in JWT #3449

Open
wants to merge 1 commit into
base: master

zufardhiyaulhaq

Overview

One of the solutions for #3448

What this PR does / why we need it

  1. Need support to add a group claim on the JWT for the Google connector

Special notes for your reviewer

@@ -440,6 +440,8 @@ func (s *Server) newIDToken(clientID string, claims storage.Claims, scopes []str
tok.AuthorizingParty = clientID
}

tok.Groups = append(tok.Groups, claims.Groups...)
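
Review bot: the `tok.Groups = append(tok.Groups, claims.Groups...)` line at the end of this hunk has no condition around it in the lines shown, so nothing here ties it to the `scopes` argument of `newIDToken` or to the `EnforceGroupClaim` option this PR adds to the Google connector config. Because it appends rather than assigns, any groups already placed in `tok.Groups` earlier in the function would appear twice in the token. Suggest gating the line on the connector option, skipping it when `tok.Groups` is already populated, and adding a comment that states when groups are emitted.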
Contributor

Not sure if this is a good idea since a user can be a member of 1000+ groups. Google sets a limit of ~3000.
https://support.google.com/a/answer/6099642

I think DEX should set a reasonable upper limit on number of groups to include in the token and document the same as a limitation.
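
One way to bound the groups claim before it is written into a token, as an added example that is not code from this PR or from Dex. The function name, `maxCount` and `maxBytes` are hypothetical, and the sketch rejects an oversized list rather than truncating it, which is one design choice among several.

```go
package main

import (
	"encoding/json"
	"errors"
	"fmt"
	"sort"
)

// ErrTooManyGroups is returned when the claim would exceed a configured limit.
var ErrTooManyGroups = errors.New("group claim exceeds configured limit")

// boundGroups dedupes and sorts groups, then checks the result against a
// maximum count and a maximum JSON-encoded size in bytes. It fails instead of
// truncating, because a silently shortened list changes what a relying party
// authorizes. maxCount and maxBytes are hypothetical settings, not Dex options.
func boundGroups(groups []string, maxCount, maxBytes int) ([]string, error) {
	seen := make(map[string]struct{}, len(groups))
	out := make([]string, 0, len(groups))
	for _, g := range groups {
		if _, dup := seen[g]; dup || g == "" {
			continue
		}
		seen[g] = struct{}{}
		out = append(out, g)
	}
	sort.Strings(out)
	if len(out) > maxCount {
		return nil, fmt.Errorf("%w: %d groups, limit %d", ErrTooManyGroups, len(out), maxCount)
	}
	enc, err := json.Marshal(out)
	if err != nil {
		return nil, err
	}
	if len(enc) > maxBytes {
		return nil, fmt.Errorf("%w: %d bytes, limit %d", ErrTooManyGroups, len(enc), maxBytes)
	}
	return out, nil
}

func main() {
	// Constructed sample: duplicates as could arise from direct plus transitive membership.
	in := []string{"dev@example.com", "ops@example.com", "dev@example.com"}
	got, err := boundGroups(in, 2, 4096)
	fmt.Println(got, err)
	_, err = boundGroups(in, 1, 4096)
	fmt.Println(err)
}
```

The byte budget matters separately from the count because tokens are commonly carried in HTTP headers, where long group names can exceed size limits well before a count limit is reached.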

@@ -58,6 +58,9 @@ type Config struct {

// If this field is true, fetch direct group membership and transitive group membership
FetchTransitiveGroupMembership bool `json:"fetchTransitiveGroupMembership"`

// enfore group claim on JWT
EnforceGroupClaim bool
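
Review bot: the new `EnforceGroupClaim` field has no `json` tag, unlike `FetchTransitiveGroupMembership` directly above it, and its comment is misspelled ("enfore") and does not say what is enforced or what the default is. Suggest adding a `json:"enforceGroupClaim"` tag and a comment that describes the behaviour when the option is false and when it is true.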
Contributor

Suggested change
EnforceGroupClaim bool
EnforceGroupClaim bool `json:"enforceGroupClaim"`

2 participants