Auth: Add support for role mapping and allowed groups in Google OIDC (#76266)

* support google oauth allowed_groups. unify allowed groups logic * add role mapping for google oauth * add documentation * add addendums * remove extra isGroupMember * add to sample ini * Apply suggestions from code review Co-authored-by: Gabriel MABILLE <gamab@users.noreply.github.com> --------- Co-authored-by: Gabriel MABILLE <gamab@users.noreply.github.com>
2025-07-30 03:02:44 +08:00 · 2023-10-10 18:07:23 +02:00
parent 0d390382d3
commit cada1f040a
11 changed files with 297 additions and 72 deletions
--- a/pkg/setting/setting.go
+++ b/pkg/setting/setting.go
@ -1497,9 +1497,7 @@ func readAuthGithubSettings(cfg *Cfg) {
 func readAuthGoogleSettings(cfg *Cfg) {
 	sec := cfg.SectionWithEnvOverrides("auth.google")
 	cfg.GoogleAuthEnabled = sec.Key("enabled").MustBool(false)
-	// FIXME: for now we skip org role sync for google auth
-	// as we do not sync organization roles from Google
-	cfg.GoogleSkipOrgRoleSync = true
+	cfg.GoogleSkipOrgRoleSync = sec.Key("skip_org_role_sync").MustBool(true)
 }

 func readAuthGitlabSettings(cfg *Cfg) {