Skip to content

GitHub SSO succeeds but GitHub teams are not mapped to Kouncil roles #514

Open
Open
GitHub SSO succeeds but GitHub teams are not mapped to Kouncil roles#514
@adheizal

Description

@adheizal
adheizal
opened on Apr 9, 2026

Environment:

  • Kouncil version: v1.9.1
  • Auth provider: GitHub SSO
  • External DB: PostgreSQL
  • GitHub organization restriction set to: example

Config:

kouncil:
  auth:
    active-provider: sso
    sso:
      supported:
        - github
  authorization:
    role-admin: tribe-devops
    role-editor: tribe-developer
    role-viewer: tribe-security

spring:
  security:
    oauth2:
      client:
        registration:
          github:
            scope: read:org
            organizations: example

Observed behavior:

  • GitHub login succeeds

  • Kouncil logs show:

    • User roles: []
    • OAuth token contains SCOPE_read:org

  • User gets permission denied

Evidence from GitHub API:
GET /user/teams returns the user as a member of:

  • tribe-devops

Expected behavior:

  • Kouncil should map GitHub team tribe-devops to configured roles
  • User should receive at least one Kouncil role instead of User roles: []
2026-04-09 00:45:30.212  INFO 1 --- [nio-8080-exec-6] c.c.kouncil.security.UserRolesMapping    : User roles: []

Metadata

Metadata

Assignees

No one assigned

    Labels

    No labels
    No labels

    Type

    No type

    Fields

    No fields configured for issues without a type.

    Projects

    No projects

    Milestone

    No milestone

    Relationships

    None yet

    Development

    No branches or pull requests

    Issue actions