Optimized OIDC integration for mailu

2025-08-29 15:06:26 +02:00 · 2025-04-07 13:18:52 +02:00
parent 2997fb4f5f
commit 715d5fdb85
10 changed files with 57 additions and 22 deletions
--- a/roles/docker-taiga/templates/env.j2
+++ b/roles/docker-taiga/templates/env.j2
@@ -57,11 +57,15 @@ OPENID_TOKEN_URL="{{oidc.client.token_url}}"
 OPENID_CLIENT_ID="{{oidc.client.id}}"
 OPENID_CLIENT_SECRET="{{oidc.client.secret}}"
 OPENID_NAME="{{oidc.button_text}}"
+OPENID_USERNAME_FIELD="{{oidc.attributes.username}}"
+
 # Default Values
-#
 # OPENID_ID_FIELD="sub"
-# OPENID_USERNAME_FIELD="preferred_username"
 # OPENID_FULLNAME_FIELD="name"
 # OPENID_EMAIL_FIELD="email"
 # OPENID_SCOPE="openid email"
+
+# The following are optional fields to configure filtering users based on the openid-userinfo. A common use case is to allow only specific roles or groups to log into taiga. OPENID_FILTER_FIELD is the name of the claim that's present in the UserInfo. The field is expected to be a list of strings. OPENID_FILTER is the allowed values, comma seperated.
+#OPENID_FILTER = "taiga_users,taiga_admins"
+#OPENID_FILTER_FIELD = "groups"
 {% endif %}