Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Bed-5008 feat: Add role provision support #1043

Merged
merged 3 commits into from
Jan 2, 2025
Merged

Bed-5008 feat: Add role provision support #1043

merged 3 commits into from
Jan 2, 2025

Conversation

mistahj67
Copy link
Contributor

@mistahj67 mistahj67 commented Dec 27, 2024
edited
Loading

Description

  • Moved the redirectToLogin helper to v2 as it isn't sso specific
  • Added support for role provision

Motivation and Context

This PR addresses: BED-5008

Why is this change required? What problem does it solve?
Adds support for SSO IDPs to supply role information in the login response flow during just-in-time provisioning to also provision specific bloodhound roles

How Has This Been Tested?

Locally with Authentik

Screenshots (optional):

Types of changes

  • New feature (non-breaking change which adds functionality)

Checklist:

@mistahj67 mistahj67 added the api A pull request containing changes affecting the API code. label Dec 27, 2024
@mistahj67 mistahj67 self-assigned this Dec 27, 2024
@mistahj67 mistahj67 changed the title Bed 5008 Bed-5008 feat: Add role provision support Dec 27, 2024
@mistahj67 mistahj67 force-pushed the BED-5008 branch 2 times, most recently from b9f964f to a86e79c Compare December 27, 2024 22:23
@mistahj67 mistahj67 force-pushed the BED-5070 branch 2 times, most recently from 8f4cc92 to 4e44d60 Compare December 30, 2024 19:57
@mistahj67 mistahj67 force-pushed the BED-5008 branch 6 times, most recently from 4d8747e to 245508c Compare December 30, 2024 21:13
@mistahj67 mistahj67 requested a review from superlinkx January 2, 2025 18:16
superlinkx
superlinkx approved these changes Jan 2, 2025
View reviewed changes
Copy link
Contributor

@superlinkx superlinkx left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Overall looks really clean, thanks for all the careful refactors! It felt a lot easier to parse what we're trying to do in each area. Just a couple of nits, primarily about error messaging edge cases, but I'm happy to approve as-is.

cmd/api/src/api/v2/auth/oidc.go Outdated Show resolved Hide resolved
cmd/api/src/api/v2/auth/saml.go Show resolved Hide resolved
cmd/api/src/api/v2/auth/sso.go Show resolved Hide resolved
@mistahj67 mistahj67 force-pushed the BED-5008 branch 3 times, most recently from d8c9836 to 3c44d8a Compare January 2, 2025 19:48
Base automatically changed from BED-5070 to main January 2, 2025 20:00
@mistahj67 mistahj67 merged commit 19089bc into main Jan 2, 2025
5 checks passed
@mistahj67 mistahj67 deleted the BED-5008 branch January 2, 2025 20:28
@github-actions github-actions bot locked and limited conversation to collaborators Jan 2, 2025
Sign up for free to subscribe to this conversation on GitHub. Already have an account? Sign in.
Reviewers

@mvlipka mvlipka mvlipka approved these changes

@superlinkx superlinkx superlinkx approved these changes

Assignees

@mistahj67 mistahj67

Labels
api A pull request containing changes affecting the API code.
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
3 participants
@mistahj67 @superlinkx @mvlipka