Problem
Re: https://community.flipt.io/t/restrict-access-to-feature-flags-per-teams/41/2?u=mark
We currently map OIDC authn `claims` to a claims field in the metadata that is passed to our authz engine (i.e. https://docs.flipt.io/guides/operation/authorization/rbac-with-keycloak), however we don't provide similar functionality for GitHub auth.
The user in the above linked Community post would like to create authz policies based on the authenticated user's GitHub team membership.
Ideal Solution
Provide a way to pass an authenticated GitHub user's data to our authz engine. It would be nice if it were similar to how we do it in OIDC using something like `claims`, although I realize the GitHub user response doesn't have a field called `claims`, so maybe we need to name it something else?
https://docs.github.com/en/rest/users/users?apiVersion=2022-11-28#get-the-authenticated-user
It also doesn't return the organization/teams of a user without doing another REST API call like we do to support GitHub allowed orgs/teams. But since we are already doing this at the authn stage, we could add this data to the metadata passed to authz.
Maybe we use something more generically named than `claims` for GitHub / other non-OIDC authn methods?
Search
I searched for other open and closed issues before opening this
Additional Context
No response
FLI-1258
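A sketch of the data flow this issue proposes, added here as an example and not Flipt's own code: the GitHub user and team data already fetched at the authn stage is flattened into string metadata, and an authz rule checks team membership against it. The `github.*` metadata keys and the function names are hypothetical, and the sample JSON is constructed in the shape of GitHub's `GET /user` and `GET /user/teams` responses.

```go
package main

import (
	"encoding/json"
	"fmt"
	"sort"
	"strings"
)

// Constructed bodies shaped like GitHub's GET /user and GET /user/teams responses.
const sampleUser = `{"login":"octocat","id":1,"email":"octocat@example.com"}`
const sampleTeams = `[{"slug":"platform","organization":{"login":"acme"}},
	{"slug":"platform","organization":{"login":"other-org"}}]`

type ghUser struct{ Login, Email string }
type ghTeam struct {
	Slug         string
	Organization struct{ Login string }
}

// BuildMetadata flattens authn-stage GitHub data into string metadata for authz.
// The "github.*" key names are hypothetical, not taken from Flipt.
func BuildMetadata(userJSON, teamsJSON string) (map[string]string, error) {
	var u ghUser
	if err := json.Unmarshal([]byte(userJSON), &u); err != nil {
		return nil, fmt.Errorf("user: %w", err)
	}
	var ts []ghTeam
	if err := json.Unmarshal([]byte(teamsJSON), &ts); err != nil {
		return nil, fmt.Errorf("teams: %w", err)
	}
	teams := make([]string, 0, len(ts))
	for _, t := range ts {
		// Team slugs are unique only within an org, so store "org/team".
		teams = append(teams, strings.ToLower(t.Organization.Login+"/"+t.Slug))
	}
	sort.Strings(teams)
	return map[string]string{"github.login": u.Login, "github.email": u.Email,
		"github.teams": strings.Join(teams, ",")}, nil
}

// InTeam stands in for an authz rule: exact match on an org-qualified team.
func InTeam(md map[string]string, orgTeam string) bool {
	want := "," + strings.ToLower(orgTeam) + ","
	return orgTeam != "" && strings.Contains(","+md["github.teams"]+",", want)
}

func main() {
	fmt.Println(BuildMetadata(sampleUser, sampleTeams))
}
```

Qualifying each team with its organization matters for policy writing: a rule that matched on the bare slug `platform` would also admit members of `other-org/platform`.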