Add blocklist and allowlist for oidc domains #28

jawabuu wants to merge 5 commits into siemens:master from
@max-wittig @ercanucan I have tried as much as possible to keep with your philosophy of keeping the codebase as close as possible to upstream.
Sorry I totally missed your MR. Didn't get any notifications for it. Will take a look in the next few days!

max-wittig left a comment
Thanks for the MR. Just some suggestions added
Regarding your commit messages. Could you please ensure that these comply with the conventional changelog? Thanks 👍
Thanks @max-wittig I'll address these immediately.

@max-wittig Would we want to take another look at this now that builds are fixed again? /cc @nejch
d2d1b54 to 2113e01
`hd` is a Google-specific claim and is not present in other OIDC providers.
2113e01 to 5f0af9e
I wonder somehow why this can not be solved at the IdP level when you register the app.
This would be ideal but unfortunately that is not exposed by public providers e.g. Gitlab |
This introduces 2 variables, `OIDC_DOMAIN_BLOCKLIST` and `OIDC_DOMAIN_ALLOWLIST`, to filter out which email domains are allowed to login when using SSO.
Related issue: #27
It is possible to do away entirely with these new variables if an equivalent setting for `domains` can be found. However, this seems not to be available. getsentry/self-hosted#2894
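The domain filtering the PR description outlines, written out as an added example; this is not the PR's code and not part of the siemens project. Only the two variable names `OIDC_DOMAIN_BLOCKLIST` and `OIDC_DOMAIN_ALLOWLIST` come from the PR. The comma-separated value format, deriving the domain from the `email` claim (since, as noted in the review, `hd` is Google-specific), exact-match semantics, and the precedence rules (blocklist beats allowlist, an empty allowlist allows everything not blocked, an email without a usable domain is denied) are all assumptions of this example.

```python
import os
from typing import Mapping, Optional

# Variable names are the ones proposed in the PR. The comma-separated
# format and every matching rule below are assumptions of this example,
# not the PR's implementation.
BLOCKLIST_VAR = "OIDC_DOMAIN_BLOCKLIST"
ALLOWLIST_VAR = "OIDC_DOMAIN_ALLOWLIST"


def parse_domain_list(raw: Optional[str]) -> frozenset:
    """Split a comma-separated env value into a normalised set of domains.

    Entries are lower-cased and stripped of whitespace and a leading '@',
    so 'Example.com, @siemens.com' parses cleanly. Unset or empty input
    yields an empty set.
    """
    if not raw:
        return frozenset()
    domains = set()
    for entry in raw.split(","):
        entry = entry.strip().lower().lstrip("@")
        if entry:
            domains.add(entry)
    return frozenset(domains)


def email_domain(email: Optional[str]) -> Optional[str]:
    """Return the lower-cased domain part of an 'email' claim, or None.

    The domain is taken from the 'email' claim rather than Google's 'hd'
    claim so the check works with any provider. Anything without exactly
    one '@' and a non-empty domain part is treated as having no domain.
    """
    if not email or email.count("@") != 1:
        return None
    _local, _sep, domain = email.partition("@")
    domain = domain.strip().lower()
    return domain or None


def is_domain_allowed(email: Optional[str], allowlist: frozenset,
                      blocklist: frozenset) -> bool:
    """Decide whether an SSO login carrying this email claim may proceed.

    Rules (assumptions of this example):
      * no usable domain in the email -> deny (fail closed)
      * domain on the blocklist       -> deny, whatever the allowlist says
      * non-empty allowlist           -> allow only listed domains
      * empty allowlist               -> allow everything not blocked
    Matching is exact: 'mail.example.com' does not match 'example.com'.
    """
    domain = email_domain(email)
    if domain is None:
        return False
    if domain in blocklist:
        return False
    if allowlist:
        return domain in allowlist
    return True


def is_allowed_from_env(email: Optional[str],
                        environ: Mapping[str, str] = os.environ) -> bool:
    """Read both lists from the environment and apply the check."""
    return is_domain_allowed(
        email,
        parse_domain_list(environ.get(ALLOWLIST_VAR)),
        parse_domain_list(environ.get(BLOCKLIST_VAR)),
    )


if __name__ == "__main__":
    # Constructed environment for a stand-alone run.
    env = {ALLOWLIST_VAR: "siemens.com, example.org",
           BLOCKLIST_VAR: "example.org"}
    for claim in ("alice@Siemens.com", "bob@example.org",
                  "carol@mail.siemens.com", "not-an-email", None):
        print(f"{claim!r:28} -> {is_allowed_from_env(claim, env)}")
```

Reading the lists once at startup and passing the parsed sets into `is_domain_allowed` keeps the decision pure and easy to unit-test; deny-on-blocklist before consulting the allowlist means a domain accidentally present in both lists stays blocked.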