New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Add OAuth/OpenID profile filter #9031
Comments
I believe you had removed this commit 33dd4b3 |
Is this feature documented anywhere? How do I enable the automatic user creation? |
Never mind, I think I just found it in Environment variables: |
Yup. That is the plan 😄 |
Are you working on this? If not could we talk more about the plan? |
This is on @rijkvanzanten. If I had my way it would be using the email domain filter I implemented 😂 |
@jaycammarano The rough plan is:
In order to do that, we need to configure what to check for and filter against, which we can do in a "public registration filter" environment variable. We already have a filtering setup (the filer rules), and a util that can check any arbitrary object against those rules, so we should be able to add an if-statement in the registration part of the OAuth/OpenID/LDAP providers that checks if the payload we received from the provider validates against the custom rules configured in the env var. This would allow the user to only allow dynamic registration based on a known flag on "the other end", for example "role = xyz" or "email endswidth @directus.io" etc |
Linear: ENG-290 |
With the newly added OAuth and OpenID drivers, it's possible to automatically create the user if they don't exist in the platform yet. However, this is currently an all-or-nothing setup. Useful for private user directories, like auth0 or Okta, but less ideal for big open platforms like Facebook or Google.
We should add a
AUTH_<PROVIDER>_PUBLIC_REGISTRATION_FILTER
that takes in a filter rules object to allow for specific external providers to have access. This could be something likeor
The text was updated successfully, but these errors were encountered: