forgejo/services
hwipl 1ea5605eae feat: add dynamic group mappings for OIDC (#11656)
Currently, Forgejo supports configuring static group team mappings for
an OIDC authentication source that map OIDC groups to Forgejo
organizations and teams. For example, the following mapping

```json
{"Developer": {"MyForgejoOrganization": ["MyForgejoTeam1", "MyForgejoTeam2"]}}
```

automatically adds a user in the OIDC group `Developer` to the teams
`MyForgejoTeam1` and `MyForgejoTeam2` in organization
`MyForgejoOrganization`.

In order to support more dynamic mappings and to avoid having to update
the mappings for new organizations and teams, add an additional
configuration option that supports mappings with placeholders like in
the following example:

```json
["group-{org}-{team}", "other:{org}/{team}"]
```

In this example, the mappings add a user in OIDC groups
`group-org1-team1`, `group-org2-team2`, and `other:org3/team3` to team
`team1` in organization `org1`, team `team2` in organization `org2`, and
to team `team3` in organization `org3`.

Additionally, this adds a configuration option to dynamically remove
users from organization teams. If enabled, a user is removed from all
teams that are not added via a static or dynamic mapping. Thus, users
are only in teams that are added via such a mapping and no other teams.

Docs: forgejo/docs!1950

Reviewed-on: https://codeberg.org/forgejo/forgejo/pulls/11656
Reviewed-by: Gusted <gusted@noreply.codeberg.org>
2026-05-22 12:38:20 +02:00
actions feat: mark skipped checks as skipped (#12606) 2026-05-17 18:00:49 +02:00
agit
asymkey fix: cleanup data before migration retry (#12370) 2026-05-05 12:41:42 +02:00
attachment
auth feat: add dynamic group mappings for OIDC (#11656) 2026-05-22 12:38:20 +02:00
authz feat: ability to edit authorized integration in web UI (#12601) 2026-05-17 18:33:39 +02:00
automerge fix: apply signed-merge checks by merge style (#11403) 2026-04-09 20:26:27 +02:00
context feat: persist OAuth2/OIDC sign-in via IdP re-validation (#12321) 2026-05-15 02:31:20 +02:00
contexttest feat: add more filters to actions run and tasks api (#11584) 2026-03-10 01:20:00 +01:00
convert fix: expose API fields for ssh keys (#12517) (#12625) 2026-05-18 17:44:37 +02:00
cron fix: cleanup data before migration retry (#12370) 2026-05-05 12:41:42 +02:00
doctor chore: upgrade to https://code.forgejo.org/xorm/xorm v1.4.0 (#12639) 2026-05-20 20:20:08 +02:00
externalaccount
f3
federation fix(activitypub): only return public activities on request (#12382) 2026-05-09 05:02:57 +02:00
feed
forgejo
forms feat: add dynamic group mappings for OIDC (#11656) 2026-05-22 12:38:20 +02:00
gitdiff fix: relocate PR review comments using git blame --reverse, improving comment placement (#12015) 2026-04-11 21:45:39 +02:00
indexer
issue chore: add modernizer linter (#11936) 2026-04-02 03:29:37 +02:00
lfs 2026-05-12 security patches (#12493) 2026-05-12 04:54:25 +02:00
mailer fix: when reviewing in PRs, make comments relative to viewed base & head, not just viewed head (#12107) 2026-04-14 17:18:14 +02:00
markup
migrations chore: tidy up uploading migration code (#12577) 2026-05-16 11:46:14 +02:00
mirror fix: store pull mirror creds encrypted with keying (#11909) 2026-04-04 13:53:22 +02:00
moderation
notify
org fix: add missing deleting beans for organizations (#11699) 2026-03-17 09:11:52 +01:00
packages chore: upgrade to https://code.forgejo.org/xorm/xorm v1.4.0 (#12639) 2026-05-20 20:20:08 +02:00
pull fix: verify PR author has write access to head to support allow maintainers edit (#12292) 2026-04-29 05:26:22 +02:00
redirect
release fix: don't trip deleting attachment with missing permission error (#11642) 2026-03-12 20:29:10 +01:00
remote
repository feat: serve downsized versions of avatars (#11242) 2026-05-16 12:04:05 +02:00
secrets feat: allow renaming and replacing secrets (#11732) 2026-03-23 03:30:02 +01:00
shared/automerge
stats chore: upgrade to https://code.forgejo.org/xorm/xorm v1.4.0 (#12639) 2026-05-20 20:20:08 +02:00
task fix: cleanup data before migration retry (#12370) 2026-05-05 12:41:42 +02:00
uinotification
user feat: serve downsized versions of avatars (#11242) 2026-05-16 12:04:05 +02:00
webhook chore: add modernizer linter (#11936) 2026-04-02 03:29:37 +02:00
wiki feat: replace repo based server-side hooks with centralised hooks (#10397) 2026-04-27 22:34:46 +02:00