autoprovisioning: Manage group memberships #9458
Merged
Conversation
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
|
Thanks for opening this pull request! The maintainers of this repository would appreciate it if you would create a changelog item based on your changes. |
rhafer
force-pushed
the
issue/5538
branch
9 times, most recently
from
94620ca to
f99624d
Compare
rhafer
changed the title
|
@mmattel Please review the |
mmattel
reviewed
Jul 2, 2024
mmattel
reviewed
Jul 2, 2024
mmattel
reviewed
Jul 2, 2024
mmattel
reviewed
Jul 2, 2024
mmattel
reviewed
Jul 2, 2024
mmattel
reviewed
Jul 2, 2024
mmattel
reviewed
Jul 2, 2024
mmattel
reviewed
Jul 2, 2024
mmattel
reviewed
Jul 2, 2024
kobergj
previously requested changes
Jul 4, 2024
Add support for autoprovisioning group memberships from OIDC claims. Users are added to and removed from groups based on the value of an OIDC claim. If a group does not exist, it is created. Closes: owncloud#5538
Co-authored-by: Martin <[email protected]>
|
micbar
reviewed
Jul 8, 2024
| return err | ||
| default: | ||
| // group has been created meanwhile, re-read it to get the group id | ||
| lgGroup, err = c.getLibregraphGroup(newctx, lgClient, group) |
micbar
approved these changes
Jul 8, 2024
There was a problem hiding this comment.
LGTM!
@ScharfViktor We need to get some API tests up and running for this.
ownclouders
pushed a commit
that referenced
this pull request
Jul 8, 2024
autoprovisioning: Manage group memberships
This was referenced Jul 16, 2024
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
Requires: cs3org/reva#4738 ✔️
groupmembership are not deleted yetconfig knobs for the group claim are missingThe sync process is currently triggered with every single request, we need to limit this to e.g. once per accesstoken lifetime (or once per userinfo cache ttl)documentation is missingTo avoid syncing group memberships with every single incoming request I add a small ttl based cache that keeps track of when group memberships were last updated for a specific user. Currently the ttl is hardcode to 1 minute, I am still pondering whether to turn that into a configuration option.