Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Add support for Google Cloud Identity API #2122

Open
wants to merge 2 commits into
base: master
Choose a base branch
from
Open

Add support for Google Cloud Identity API #2122

wants to merge 2 commits into from
+82 −20

Conversation

kishorviswanathan
Copy link

Add support for using Cloud Identity API for group membership resolution

Description

Google provider uses an admin email and JSON credential to perform group membership verification. This can be avoided by using the Cloud Identity API which uses the authenticating user's credentials to verify membership. This will avoid creating an admin user with wider permissions.

Motivation and Context

Avoids creating a user with domain wide user and group read access.
Implements: #728

How Has This Been Tested?

Tested with the following configuration against GSuite.

provider = "google"
google_group = "[email protected]"
email_domains ="example.org"
scope = "profile email https://www.googleapis.com/auth/cloud-identity.groups.readonly"
client_id ="<client-id>"
client_secret ="<client-secret>"

Checklist:

  • My change requires a change to the documentation or CHANGELOG.
  • I have updated the documentation/CHANGELOG accordingly.
  • I have created a feature (non-master) branch for my PR.

@kishorviswanathan kishorviswanathan requested a review from a team as a code owner May 19, 2023 11:23
@github-actions
Copy link
Contributor

This pull request has been inactive for 60 days. If the pull request is still relevant please comment to re-activate the pull request. If no action is taken within 7 days, the pull request will be marked closed.

@github-actions github-actions bot added the Stale label Jul 22, 2023
@github-actions github-actions bot closed this Jul 30, 2023
@tuunit tuunit reopened this Mar 25, 2024
@github-actions GitHub Actions
Copy link
Contributor

This pull request has been inactive for 60 days. If the pull request is still relevant please comment to re-activate the pull request. If no action is taken within 7 days, the pull request will be marked closed.

@github-actions github-actions bot added the Stale label May 27, 2024
@github-actions github-actions bot closed this Jun 5, 2024
@tuunit tuunit reopened this Jun 23, 2024
@tuunit tuunit removed the Stale label Jun 23, 2024
@github-actions GitHub Actions
Copy link
Contributor

This pull request has been inactive for 60 days. If the pull request is still relevant please comment to re-activate the pull request. If no action is taken within 7 days, the pull request will be marked closed.

@github-actions github-actions bot added the Stale label Aug 24, 2024
@github-actions github-actions bot closed this Sep 2, 2024
@tuunit tuunit reopened this Sep 15, 2024
@tuunit tuunit removed the Stale label Sep 15, 2024
@ravenolf
Copy link

ravenolf commented Jan 8, 2025
edited
Loading

This would be amazing! Looking forward to seeing it merged 👍 I'm not very experienced in Go, but I'm willing to contribute

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers
No reviews
Assignees
No one assigned
Labels
docs go provider tests
Projects
OAuth2-Proxy Release Planning & Roadmap
Status: Proposed
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
3 participants
@kishorviswanathan @ravenolf @tuunit