Added an OIDC AllowGroups option for authorization.

2022-12-07 00:08:01 +00:00 · 2022-12-07 00:08:01 +00:00 · 70f2f5d750
commit 70f2f5d750
parent 4453728614
4 changed files with 44 additions and 0 deletions
--- a/config.go
+++ b/config.go
@ -96,6 +96,7 @@ type OIDCConfig struct {
 	ExtraParams                map[string]string
 	AllowedDomains             []string
 	AllowedUsers               []string
+	AllowedGroups              []string
 	StripEmaildomain           bool
 }

@ -568,6 +569,7 @@ func GetHeadscaleConfig() (*Config, error) {
 			ExtraParams:      viper.GetStringMapString("oidc.extra_params"),
 			AllowedDomains:   viper.GetStringSlice("oidc.allowed_domains"),
 			AllowedUsers:     viper.GetStringSlice("oidc.allowed_users"),
+			AllowedGroups:    viper.GetStringSlice("oidc.allowed_groups"),
 			StripEmaildomain: viper.GetBool("oidc.strip_email_domain"),
 		},