Feature request: Using different claim for OIDC username #596

Closed
georgegil opened this issue Sep 12, 2023 · 2 comments · Fixed by #605 or #602

Comments

@georgegil

georgegil commented Sep 12, 2023

Would it be possible to have the username claim using email instead of name for the claim?

Using Github as an OIDC provider, name is guaranteed to be unique; however, using AzureAD this is not the case, but email is most definitely unique.

Seeing as a number of people are probably using GitHub as IDP, perhaps which claim to use can be a parameter specified at deploy time?

For example:

```
--oidc-name=<oidc_name>
--oidc-issuer-url=<issuer-url>
--oidc-client-id=<client-id>
--oidc-username-claim=email
--oidc-client-secret=<client-secret>
```
@leg100
Owner

leg100 commented Sep 12, 2023

I don't believe Github supports OIDC. Not as an identity provider anyway. I think it only supports OAuth, hence people using OTF don't use the OIDC flags for Github, but --github-client-id, etc, instead.

But that is by the by. I think it's reasonable to provide the additional flag as you're asking for.

@georgegil
Author

Of course, didn't read the documentation properly, Github uses different mechanisms. My bad.

Thanks for looking into this.

leg100 pushed a commit that referenced this issue Sep 13, 2023
🤖 I have created a release *beep* *boop*
---


## [0.1.13](v0.1.12...v0.1.13)
(2023-09-13)


### Features

* add flags --oidc-username-claim and --oidc-scopes
([#605](#605))
([87324d0](87324d0)),
closes [#596](#596)


### Bug Fixes

* restart spooler when broker terminates subscription
([#600](#600))
([ce41580](ce41580))
* retrieving state outputs only requires read role
([#603](#603))
([25c4a99](25c4a99))

---
This PR was generated with [Release
Please](https://github.com/googleapis/release-please). See
[documentation](https://github.com/googleapis/release-please#release-please).

Co-authored-by: github-actions[bot] <41898282+github-actions[bot]@users.noreply.github.com>
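
As an added illustration of the request in this thread (not OTF's implementation and not code from the issue): deriving the username from a configurable ID token claim, and why `name` can collide where `email` does not. The function name `usernameFromClaims`, the sample claims, and the policy of requiring `email_verified` and lowercasing the address are assumptions of this example.

```go
package main

import (
	"errors"
	"fmt"
	"strings"
)

// usernameFromClaims returns the configured claim from a set of ID token
// claims whose signature, issuer and audience have already been validated.
// Hypothetical helper for illustration; not part of OTF.
func usernameFromClaims(claims map[string]any, claim string) (string, error) {
	raw, ok := claims[claim]
	if !ok {
		return "", fmt.Errorf("claim %q missing from ID token", claim)
	}
	val, ok := raw.(string)
	if !ok || strings.TrimSpace(val) == "" {
		return "", fmt.Errorf("claim %q is not a non-empty string", claim)
	}
	if claim == "email" {
		// Policy chosen for this example: only map an email address to a
		// local account when the provider asserts that it is verified.
		if verified, _ := claims["email_verified"].(bool); !verified {
			return "", errors.New("email claim present but email_verified is not true")
		}
		val = strings.ToLower(val) // avoid case-only duplicates
	}
	return val, nil
}

func main() {
	// Constructed sample claims: two distinct users share a display name.
	users := []map[string]any{
		{"sub": "a1", "name": "Alex Smith", "email": "alex.smith@example.com", "email_verified": true},
		{"sub": "b2", "name": "Alex Smith", "email": "A.Smith@example.com", "email_verified": true},
		{"sub": "c3", "name": "Sam Lee", "email": "sam@example.com"},
	}
	for _, claim := range []string{"name", "email"} {
		for _, c := range users {
			u, err := usernameFromClaims(c, claim)
			fmt.Printf("claim=%-5s sub=%s username=%q err=%v\n", claim, c["sub"], u, err)
		}
	}
}
```

With `name` the first two users map to the same username; with `email` they stay distinct, and the third user is rejected because the token carries no `email_verified` assertion.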