Add OAuth/OpenID profile filter #9031
Comments
|
I believe you had removed this commit 33dd4b3 |
Is this feature documented anywhere? How do I enable the automatic user creation? |
|
Never mind, I think I just found it in Environment variables: |
Yup. That is the plan 😄 |
Are you working on this? If not could we talk more about the plan? |
This is on @rijkvanzanten. If I had my way it would be using the email domain filter I implemented 😂 |
rijkvanzanten
changed the title
@jaycammarano The rough plan is:
In order to do that, we need to configure what to check for and filter against, which we can do in a "public registration filter" environment variable. We already have a filtering setup (the filer rules), and a util that can check any arbitrary object against those rules, so we should be able to add an if-statement in the registration part of the OAuth/OpenID/LDAP providers that checks if the payload we received from the provider validates against the custom rules configured in the env var. This would allow the user to only allow dynamic registration based on a known flag on "the other end", for example "role = xyz" or "email endswidth @directus.io" etc |
|
Linear: ENG-290 |
With the newly added OAuth and OpenID drivers, it's possible to automatically create the user if they don't exist in the platform yet. However, this is currently an all-or-nothing setup. Useful for private user directories, like auth0 or Okta, but less ideal for big open platforms like Facebook or Google.
We should add a
AUTH_<PROVIDER>_PUBLIC_REGISTRATION_FILTERthat takes in a filter rules object to allow for specific external providers to have access. This could be something like{ "email": { "_ends_with": "@directus.io" } }or
{ "profile": { "username": { "_in": ["@rijkvanzanten", "@benhaynes"] } } }The text was updated successfully, but these errors were encountered: