feat: google workspace limit access to a single group #4613

Open
wants to merge 1 commit into
base: main

@owengo owengo commented Nov 2, 2024

Pull Request Template

⚠️ Documentation Updates Notice:

Summary

#1746
When Google login is configured for a Workspace account, the feature allows restricting logins to members of a group.

Change Type

Please delete any irrelevant options.

  • New feature (non-breaking change which adds functionality)
  • This change requires a documentation update

Testing

  • If GOOGLE_WORKSPACE_GROUP is not defined in the .env, or if it's empty, nothing changes: all members of the workspace account can log in and no extra scopes are required in the OAuth2 consent screen.
  • When GOOGLE_WORKSPACE_GROUP is set:
    • all OAuth2 consent screens require the extra 'https://www.googleapis.com/auth/cloud-identity.groups.readonly' scope permission, aka: "See any Cloud Identity Groups that you can access, including group members and their emails"
    • at login, if the user:
      • is allowed to list the members of the configured group
      • is a member of the configured group
        • access is granted normally
      • else
        • access is refused and the user is redirected to the login page at the end of the OAuth process

Test Configuration:

The feature works with Google Workspace accounts. A group must be created in the workspace account and members of the group must be allowed to see the members of the group.
The email address of the group has to be configured in the .env as GOOGLE_WORKSPACE_GROUP=
Note that the group can contain other groups and all members of the included groups will also be allowed.

Checklist

Please delete any irrelevant options.

  • My code adheres to this project's style guidelines
  • I have performed a self-review of my own code
  • I have commented in any complex areas of my code
  • I have made pertinent documentation changes
  • My changes do not introduce new warnings
  • A pull request for updating the documentation has been submitted.
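
The access decision described in the Testing section above, written as a fail-closed function. This is an added example, not code from the pull request: `decideGroupAccess`, the shape of the `lookup` object, the `/login` path and the sample addresses are assumptions, and the member list is assumed to be already expanded through nested groups.

```javascript
// Added illustration; every name here is hypothetical, not taken from the pull request.
const GROUPS_SCOPE = 'https://www.googleapis.com/auth/cloud-identity.groups.readonly';

const normalize = (email) => String(email || '').trim().toLowerCase();

// Denials always carry the redirect target (path assumed).
function deny(reason) {
  return { allow: false, reason, redirect: '/login' };
}

/**
 * configuredGroup: value of GOOGLE_WORKSPACE_GROUP (may be undefined or empty)
 * grantedScopes:   scopes the user actually consented to
 * lookup:          outcome of listing the group's members with the user's own token:
 *                  { ok: true, members: [emails] } or { ok: false, status: <HTTP status> }
 */
function decideGroupAccess({ configuredGroup, userEmail, grantedScopes = [], lookup }) {
  // Unset or empty: the feature is off and login behaves as before.
  if (!normalize(configuredGroup)) return { allow: true, reason: 'no-group-configured' };

  const email = normalize(userEmail);
  if (!email) return deny('missing-email');

  // Without the extra scope no membership answer can exist, so refuse.
  if (!grantedScopes.includes(GROUPS_SCOPE)) return deny('scope-not-granted');

  // A user who may not list members, an API error, or a malformed result all refuse.
  if (!lookup || lookup.ok !== true || !Array.isArray(lookup.members)) {
    return deny('membership-lookup-failed');
  }

  // Compare case-insensitively: directory and token casing can differ.
  const members = new Set(lookup.members.map(normalize));
  return members.has(email) ? { allow: true, reason: 'group-member' } : deny('not-a-member');
}

// Constructed sample inputs covering each branch.
const base = { configuredGroup: 'staff@example.com', userEmail: 'Alice@Example.com', grantedScopes: [GROUPS_SCOPE] };
const samples = {
  disabled: decideGroupAccess({ ...base, configuredGroup: '' }),
  member: decideGroupAccess({ ...base, lookup: { ok: true, members: ['alice@example.com'] } }),
  outsider: decideGroupAccess({ ...base, lookup: { ok: true, members: ['bob@example.com'] } }),
  cannotList: decideGroupAccess({ ...base, lookup: { ok: false, status: 403 } }),
  noScope: decideGroupAccess({ ...base, grantedScopes: [], lookup: { ok: true, members: ['alice@example.com'] } }),
};
console.log(samples);
```

The `noScope` case shows why the scope check comes before the membership check: a member list supplied without the consented scope is not accepted as evidence.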
