github/TREK
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

fix: add OIDC_SCOPE env var and document it across all config files

Browse Source 
Fixes #306 — OIDC scopes were hardcoded to 'openid email profile',
causing OIDC_ADMIN_CLAIM-based role mapping to fail when the required
scope (e.g. 'groups') wasn't requested. The new OIDC_SCOPE variable
defaults to 'openid email profile groups' so group-based admin mapping
works out of the box. Variable is now documented in README, docker-compose,
.env.example, and the Helm chart values.
This commit is contained in:
jubnl
2026-04-02 07:46:27 +02:00
parent b1cca15f6f
commit 32b63adc68
5 changed files with 11 additions and 1 deletions
Download Patch File Download Diff File Expand all files Collapse all files

2
chart/values.yaml
View File

@@ -24,6 +24,8 @@ env:
# Set to "false" to allow session cookies over plain HTTP (e.g. no ingress TLS). Not recommended for production.
# OIDC_DISCOVERY_URL: ""
# Override the OIDC discovery endpoint for providers with non-standard paths (e.g. Authentik).
# OIDC_SCOPE: "openid email profile groups"
# Space-separated OIDC scopes to request. Must include scopes for any claim used by OIDC_ADMIN_CLAIM.
# Secret environment variables stored in a Kubernetes Secret.