forgejo/modules
hwipl 1ea5605eae feat: add dynamic group mappings for OIDC (#11656)
Currently, Forgejo supports configuring static group team mappings for
an OIDC authentication source that map OIDC groups to Forgejo
organizations and teams. For example, the following mapping

```json
{"Developer": {"MyForgejoOrganization": ["MyForgejoTeam1", "MyForgejoTeam2"]}}
```

automatically adds a user in the OIDC group `Developer` to the teams
`MyForgejoTeam1` and `MyForgejoTeam2` in organization
`MyForgejoOrganization`.

In order to support more dynamic mappings and to avoid having to update
the mappings for new organizations and teams, add an additional
configuration option that supports mappings with placeholders like in
the following example:

```json
["group-{org}-{team}", "other:{org}/{team}"]
```

In this example, the mappings add a user in OIDC groups
`group-org1-team1`, `group-org2-team2`, and `other:org3/team3` to team
`team1` in organization `org1`, team `team2` in organization `org2`, and
to team `team3` in organization `org3`.

Additionally, this adds a configuration option to dynamically remove
users from organization teams. If enabled, a user is removed from all
teams that are not added via a static or dynamic mapping. Thus, users
are only in teams that are added via such a mapping and no other teams.

Docs: forgejo/docs!1950

Reviewed-on: https://codeberg.org/forgejo/forgejo/pulls/11656
Reviewed-by: Gusted <gusted@noreply.codeberg.org>
2026-05-22 12:38:20 +02:00
..
actions feat: reusable workflow outer job is skipped if 'if:' block skips workflow (#12412) 2026-05-05 02:59:34 +02:00
activitypub
analyze
assetfs
auth feat: add dynamic group mappings for OIDC (#11656) 2026-05-22 12:38:20 +02:00
avatar feat: serve downsized versions of avatars (#11242) 2026-05-16 12:04:05 +02:00
avatarstore feat: serve downsized versions of avatars (#11242) 2026-05-16 12:04:05 +02:00
base fix: "Follow symlink" to work with arbitrary links (#12246) 2026-04-27 23:54:21 +02:00
cache feat: cache OIDC metadata & JWKS when read by authorized integration (#12275) 2026-04-28 02:13:06 +02:00
card
charset chore: add modernizer linter (#11936) 2026-04-02 03:29:37 +02:00
container
csv
emoji
eventsource
forgefed chore(federation): re-enable nilnil lint (#11253) 2026-04-13 22:05:29 +02:00
generate chore: unify signing key configuration across modules (#11194) 2026-04-21 19:39:33 +02:00
git fix: return the error when InitDelegateHooks fail (#12427) 2026-05-06 04:47:15 +02:00
gitrepo
graceful
hcaptcha
highlight fix(ui): show "Shell" instead of "Bash" in headers of shell script files (#12562) 2026-05-14 22:33:51 +02:00
hostmatcher chore: add modernizer linter (#11936) 2026-04-02 03:29:37 +02:00
html
httpcache chore: add modernizer linter (#11936) 2026-04-02 03:29:37 +02:00
httplib chore: add modernizer linter (#11936) 2026-04-02 03:29:37 +02:00
indexer fix(issue-search): single exclude query was erroneously considered as must (#12589) 2026-05-16 09:57:51 +02:00
issue/template chore: add modernizer linter (#11936) 2026-04-02 03:29:37 +02:00
json feat: ability to edit authorized integration in web UI (#12601) 2026-05-17 18:33:39 +02:00
jwtx chore: make use of go1.26 features (#12369) 2026-05-01 22:51:48 +02:00
keying fix: store pull mirror creds encrypted with keying (#11909) 2026-04-04 13:53:22 +02:00
label chore: add modernizer linter (#11936) 2026-04-02 03:29:37 +02:00
lfs
log tests: make buffer log writer thread safe (#11962) 2026-04-04 16:29:14 +02:00
markup feat(ui): support Pandoc style code blocks (#12099) 2026-05-12 00:53:09 +02:00
mcaptcha
metrics
migration
nosql feat: cache OIDC metadata & JWKS when read by authorized integration (#12275) 2026-04-28 02:13:06 +02:00
optional chore: upgrade to https://code.forgejo.org/xorm/xorm v1.4.0 (#12639) 2026-05-20 20:20:08 +02:00
options
packages feat: support simple JSON API for PyPI package registry (#12095) 2026-04-30 16:58:28 +02:00
paginator
pprof
private chore: add modernizer linter (#11936) 2026-04-02 03:29:37 +02:00
process
proxy
proxyprotocol
public chore: add modernizer linter (#11936) 2026-04-02 03:29:37 +02:00
queue feat: cache OIDC metadata & JWKS when read by authorized integration (#12275) 2026-04-28 02:13:06 +02:00
recaptcha
references
regexplru
repository feat: serve downsized versions of avatars (#11242) 2026-05-16 12:04:05 +02:00
secret
session fix: only destroy session if exists 2026-03-19 02:18:52 +01:00
setting chore: upgrade to https://code.forgejo.org/xorm/xorm v1.4.0 (#12639) 2026-05-20 20:20:08 +02:00
sitemap
ssh
storage chore: unify signing key configuration across modules (#11194) 2026-04-21 19:39:33 +02:00
structs feat: expose access token creation date in API responses (#12620) 2026-05-20 18:45:38 +02:00
svg
sync
system
templates feat: Follow remote users; feed tab (#10380) 2026-04-12 03:31:03 +02:00
test feat: Follow remote users; feed tab (#10380) 2026-04-12 03:31:03 +02:00
testimport
testlogger chore: add modernizer linter (#11936) 2026-04-02 03:29:37 +02:00
timeutil
translation fix(i18n): don't log harmless missing translations as errors (#12183) 2026-04-18 23:18:02 +02:00
turnstile
typesniffer
updatechecker chore: add modernizer linter (#11936) 2026-04-02 03:29:37 +02:00
uri
user
util chore: make use of go1.26 features (#12369) 2026-05-01 22:51:48 +02:00
validation feat: add dynamic group mappings for OIDC (#11656) 2026-05-22 12:38:20 +02:00
web chore: add modernizer linter (#11936) 2026-04-02 03:29:37 +02:00
webhook
zstd