Behaviour of OIDC group sync #4940

New Issue

Closed

opened 2026-02-05 09:27:39 +03:00 by OVERLORD · 14 comments

OVERLORD commented 2026-02-05 09:27:39 +03:00

Owner

Copy Link

Originally created by @RZR7332 on GitHub (Sep 6, 2024).

Attempted Debugging

• I have read the debugging page

Searched GitHub Issues

• I have searched GitHub for the issue.

Describe the Scenario

Hi Dan,

I think this is more a case of me overthinking, or not quite understanding how the whole setup works properly. I migrated my BookStack setup recently to OIDC fairly smoothly, but there is something odd in the behaviour of the group sync which does not make sense to me (likely a user problem here).

From the documentation:

BookStack has the ability to sync OIDC user groups with BookStack roles. By default this will match OIDC group names with the BookStack role display names with casing ignored. This can be overridden by via the ‘External Authentication IDs’ field which can be seen when editing a role while OIDC authentication is enabled.

This to me implies that the group names will be ignored if the External Authentication ID field is set - which it is. I followed the guide to map my already existing user to the user created on Keycloak by using that field, which works perfectly. I have also configured my .env file as below:

! Enable OIDC group sync.
OIDC_USER_TO_GROUPS=true

! Set the attribute from which BookStack will read groups names from.
OIDC_GROUPS_CLAIM=groups

! Additional scopes to send with the authentication request.
! By default BookStack only sends the 'openid', 'profile' & 'email' scopes.
! Many platforms require specific scopes to be requested for group data.
! Multiple scopes can be added via comma separation.
! Comment out unless this is used, as this will break the redirection/integration
! and throw an unknown error which can be viewed in the URL.
!OIDC_ADDITIONAL_SCOPES=roles
! Remove the user from roles that don't match OIDC groups upon login.
! Note: While this is enabled the "Default Registration Role", editable within the 
! BookStack settings view, will be considered a matched role and assigned to the user.
OIDC_REMOVE_FROM_GROUPS=false

This also seems to work correctly as the below is returned from Keycloak after creating a custom attribute and mapping (tested by dumping user details):

"groups": "Admin",

By my logic, this should match the Admin role within BookStack and assign it to my user, which seems to be fine.

My issue comes in when I enable OIDC_REMOVE_FROM_GROUPS - as soon as that is set to true, when I log in my user has no permissions at all - so I am seemingly hitting the default role/permissions here.

Have I missed or misunderstood something in terms of how the process works?

Exact BookStack Version

v24.05.4

Log Content

No response

Hosting Environment

Installed using official installation script.

Originally created by @RZR7332 on GitHub (Sep 6, 2024). ### Attempted Debugging - [X] I have read the debugging page ### Searched GitHub Issues - [X] I have searched GitHub for the issue. ### Describe the Scenario Hi Dan, I think this is more a case of me overthinking, or not quite understanding how the whole setup works properly. I migrated my BookStack setup recently to OIDC fairly smoothly, but there is something odd in the behaviour of the group sync which does not make sense to me (likely a user problem here). From the documentation: _BookStack has the ability to sync OIDC user groups with BookStack roles. By default this will match OIDC group names with the BookStack role display names with casing ignored. This can be overridden by via the ‘External Authentication IDs’ field which can be seen when editing a role while OIDC authentication is enabled._ This to me implies that the group names will be ignored if the External Authentication ID field is set - which it is. I followed the guide to map my already existing user to the user created on Keycloak by using that field, which works perfectly. I have also configured my .env file as below: ``` ! Enable OIDC group sync. OIDC_USER_TO_GROUPS=true ! Set the attribute from which BookStack will read groups names from. OIDC_GROUPS_CLAIM=groups ! Additional scopes to send with the authentication request. ! By default BookStack only sends the 'openid', 'profile' & 'email' scopes. ! Many platforms require specific scopes to be requested for group data. ! Multiple scopes can be added via comma separation. ! Comment out unless this is used, as this will break the redirection/integration ! and throw an unknown error which can be viewed in the URL. !OIDC_ADDITIONAL_SCOPES=roles ! Remove the user from roles that don't match OIDC groups upon login. ! Note: While this is enabled the "Default Registration Role", editable within the ! BookStack settings view, will be considered a matched role and assigned to the user. OIDC_REMOVE_FROM_GROUPS=false ``` This also seems to work correctly as the below is returned from Keycloak after creating a custom attribute and mapping (tested by dumping user details): ` "groups": "Admin",` By my logic, this should match the Admin role within BookStack and assign it to my user, which seems to be fine. My issue comes in when I enable OIDC_REMOVE_FROM_GROUPS - as soon as that is set to true, when I log in my user has no permissions at all - so I am seemingly hitting the default role/permissions here. Have I missed or misunderstood something in terms of how the process works? ### Exact BookStack Version v24.05.4 ### Log Content _No response_ ### Hosting Environment Installed using official installation script.

OVERLORD added the 🐕 Support label 2026-02-05 09:27:39 +03:00

OVERLORD closed this issue 2026-02-05 09:27:41 +03:00

OVERLORD commented 2026-02-05 09:27:44 +03:00

Author

Owner

Copy Link

@ssddanbrown commented on GitHub (Sep 6, 2024):

👋 Hi @RZR7332,

This also seems to work correctly as the below is returned from Keycloak after creating a custom attribute and mapping (tested by dumping user details):

That output isn't what I'd expect from the OIDC system for groups. BookStack expects to see an array of groups under the given claim, instead of the simple single string value that currently appears to be returned there.

@ssddanbrown commented on GitHub (Sep 6, 2024): :wave: Hi @RZR7332, > This also seems to work correctly as the below is returned from Keycloak after creating a custom attribute and mapping (tested by dumping user details): That output isn't what I'd expect from the OIDC system for groups. BookStack expects to see an array of groups under the given claim, instead of the simple single string value that currently appears to be returned there.

OVERLORD commented 2026-02-05 09:27:46 +03:00

Author

Owner

Copy Link

@RZR7332 commented on GitHub (Sep 6, 2024):

Hi Dan,

I omitted a lot of info, the full token looks as below (values redacted):

{ "exp": REDACTED, "iat": REDACTED, "auth_time": REDACTED, "jti": "REDACTED", "iss": "REDACTED", "aud": "bookstack", "sub": "REDACTED", "typ": "ID", "azp": "bookstack", "sid": "REDACTED", "at_hash": "REDACTED", "acr": "1", "email_verified": true, "name": "REDACTED", "groups": "Admin", "preferred_username": "REDACTED", "given_name": "REDACTED", "family_name": "REDACTED", "email": "REDACTED" }

However, I take your point. Based on this, would you agree that group sync is in fact not working at all in my case and login is merely using the group/role which has been statically assigned to the user?

I must have missed something somewhere, will keep reading and digging.

@RZR7332 commented on GitHub (Sep 6, 2024): Hi Dan, I omitted a lot of info, the full token looks as below (values redacted): `{ "exp": REDACTED, "iat": REDACTED, "auth_time": REDACTED, "jti": "REDACTED", "iss": "REDACTED", "aud": "bookstack", "sub": "REDACTED", "typ": "ID", "azp": "bookstack", "sid": "REDACTED", "at_hash": "REDACTED", "acr": "1", "email_verified": true, "name": "REDACTED", "groups": "Admin", "preferred_username": "REDACTED", "given_name": "REDACTED", "family_name": "REDACTED", "email": "REDACTED" }` However, I take your point. Based on this, would you agree that group sync is in fact not working at all in my case and login is merely using the group/role which has been statically assigned to the user? I must have missed something somewhere, will keep reading and digging.

OVERLORD commented 2026-02-05 09:27:48 +03:00

Author

Owner

Copy Link

@ssddanbrown commented on GitHub (Sep 7, 2024):

However, I take your point. Based on this, would you agree that group sync is in fact not working at all in my case and login is merely using the group/role which has been statically assigned to the user?

Yeah, that's likely.

Looking at the answer here it looks like it should be possible via a "Groups Mapper"?:
https://stackoverflow.com/questions/56362197/keycloak-oidc-retrieve-user-groups-attributes

@ssddanbrown commented on GitHub (Sep 7, 2024): > However, I take your point. Based on this, would you agree that group sync is in fact not working at all in my case and login is merely using the group/role which has been statically assigned to the user? Yeah, that's likely. Looking at the answer here it looks like it should be possible via a "Groups Mapper"?: https://stackoverflow.com/questions/56362197/keycloak-oidc-retrieve-user-groups-attributes

OVERLORD commented 2026-02-05 09:27:51 +03:00

Author

Owner

Copy Link

@RZR7332 commented on GitHub (Sep 9, 2024):

Thanks Dan, had a very quick look and it seems similar to what I have done (I added a custom attribute and mapped it to the application). Will set aside some time this week to work through it and see where the mismatch is.

Much appreciated!

@RZR7332 commented on GitHub (Sep 9, 2024): Thanks Dan, had a very quick look and it seems similar to what I have done (I added a custom attribute and mapped it to the application). Will set aside some time this week to work through it and see where the mismatch is. Much appreciated!

OVERLORD commented 2026-02-05 09:27:53 +03:00

Author

Owner

Copy Link

@RZR7332 commented on GitHub (Sep 27, 2024):

As suspected, I was the problem: I was operating under the understanding that as long as the correct string/text was present in the token, it would be mapped correctly - this was a mistake. My initial test for group sync was done with user attributes in Keycloak, which clearly did not work.

Thanks to inspiration from another issue (https://github.com/BookStackApp/BookStack/issues/3004#issuecomment-1197974958), the correct sequence of events should be similar to the below:

1. Create client-specific role, e.g. Admin.
2. Map your user to that role.
3. Under the [client]-dedicated scope, configure a new mapper and choose User Client Role.

This should return a Token Claim Name of resource_access.${client_id}.roles which is the correct and expected claim.

Thanks for the patience and help, hope this helps someone in the future.

@RZR7332 commented on GitHub (Sep 27, 2024): As suspected, I was the problem: I was operating under the understanding that as long as the correct string/text was present in the token, it would be mapped correctly - this was a mistake. My initial test for group sync was done with user attributes in Keycloak, which clearly did not work. Thanks to inspiration from another issue (https://github.com/BookStackApp/BookStack/issues/3004#issuecomment-1197974958), the correct sequence of events should be similar to the below: 1. Create client-specific role, e.g. Admin. 2. Map your user to that role. 3. Under the [client]-dedicated scope, configure a new mapper and choose User Client Role. This should return a Token Claim Name of resource_access.${client_id}.roles which is the correct and expected claim. Thanks for the patience and help, hope this helps someone in the future.

OVERLORD commented 2026-02-05 09:27:57 +03:00

Author

Owner

Copy Link

@ssddanbrown commented on GitHub (Sep 27, 2024):

@RZR7332 Good to hear you found a solution and got things working!

@ssddanbrown commented on GitHub (Sep 27, 2024): @RZR7332 Good to hear you found a solution and got things working!

OVERLORD commented 2026-02-05 09:27:59 +03:00

Author

Owner

Copy Link

@den5o commented on GitHub (Dec 19, 2024):

@RZR7332

Thanks to inspiration from another issue (#3004 (comment)), the correct sequence of events should be similar to the below:

1. Create client-specific role, e.g. Admin.

2. Map your user to that role.

3. Under the [client]-dedicated scope, configure a new mapper and choose User Client Role.

This should return a Token Claim Name of resource_access.${client_id}.roles which is the correct and expected claim.

I tried your instructions and have been unsuccessful in logging in as administrator.

Step 1

Step 2

Step 3

Am I missing something?

@den5o commented on GitHub (Dec 19, 2024): @RZR7332 > Thanks to inspiration from another issue ([#3004 (comment)](https://github.com/BookStackApp/BookStack/issues/3004#issuecomment-1197974958)), the correct sequence of events should be similar to the below: > > 1. Create client-specific role, e.g. Admin. > > 2. Map your user to that role. > > 3. Under the [client]-dedicated scope, configure a new mapper and choose User Client Role. > > > This should return a Token Claim Name of resource_access.${client_id}.roles which is the correct and expected claim. I tried your instructions and have been unsuccessful in logging in as administrator. Step 1  Step 2  Step 3   Am I missing something?

OVERLORD commented 2026-02-05 09:28:00 +03:00

Author

Owner

Copy Link

@RZR7332 commented on GitHub (Dec 20, 2024):

@den5o everything looks okay, apart from the empty Token Claim Name field - not sure why it is blank. Try pasting resource_access.${client_id}.roles into the field and save, see what happens. You may need to enable the debug on BookStack to see what is being returned.

@RZR7332 commented on GitHub (Dec 20, 2024): @den5o everything looks okay, apart from the empty Token Claim Name field - not sure why it is blank. Try pasting resource_access.${client_id}.roles into the field and save, see what happens. You may need to enable the debug on BookStack to see what is being returned.

OVERLORD commented 2026-02-05 09:28:02 +03:00

Author

Owner

Copy Link

@den5o commented on GitHub (Dec 20, 2024):

@RZR7332 I tried resource_access.${client_id}.roles in the Token Claim Name field but results are the same.

It turns out the issue is greater than me not having admin access. All my users including myself, are logged in with the least amount of privilege possible. We can't even create shelves/books, It's view only.

I used APP_DEBUG=true in my compose file but the logs are the same as without it:

[20/Dec/2024:10:48:20 +0000] "GET /login?prevent_auto_init=true HTTP/1.1" 200 3791 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:133.0) Gecko/20100101 Firefox/133.0"

[20/Dec/2024:10:48:23 +0000] "POST /oidc/login HTTP/1.1" 302 3644 "https://bookstack.mydomain.tld/login?prevent_auto_init=true" "Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:133.0) Gecko/20100101 Firefox/133.0"

[20/Dec/2024:10:48:36 +0000] "GET /oidc/callback?state=a66372e545017b3d98c6e7ff2b6f32e2&session_state=6b077d5d-103f-418f-8f80-31c38f9ba940&iss=https%3A%2F%2Fauth.mydomain.tld%2Frealms%2Fgfc&code=85229dea-45e6-4dd2-b1fd-d70f72acf588.6b077d5d-103f-418f-8f80-31c38f9ba940.16963e45-cad9-4e36-a71e-bef38dbbc000 HTTP/1.1" 302 1902 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:133.0) Gecko/20100101 Firefox/133.0"

[20/Dec/2024:10:48:37 +0000] "GET / HTTP/1.1" 200 5547 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:133.0) Gecko/20100101 Firefox/133.0"

[20/Dec/2024:10:48:37 +0000] "GET /uploads/images/user/2024-12/thumbs-30-30/xzc5qsdxjo-avatar.png HTTP/1.1" 200 2398 "https://bookstack.mydomain.tld/" "Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:133.0) Gecko/20100101 Firefox/133.0"

Do I need to exec into the container to get the debug logs? If so, how?

@den5o commented on GitHub (Dec 20, 2024): @RZR7332 I tried `resource_access.${client_id}.roles` in the Token Claim Name field but results are the same. It turns out the issue is greater than me not having admin access. All my users including myself, are logged in with the least amount of privilege possible. We can't even create shelves/books, It's view only. I used `APP_DEBUG=true` in my compose file but the logs are the same as without it: ``` [20/Dec/2024:10:48:20 +0000] "GET /login?prevent_auto_init=true HTTP/1.1" 200 3791 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:133.0) Gecko/20100101 Firefox/133.0" [20/Dec/2024:10:48:23 +0000] "POST /oidc/login HTTP/1.1" 302 3644 "https://bookstack.mydomain.tld/login?prevent_auto_init=true" "Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:133.0) Gecko/20100101 Firefox/133.0" [20/Dec/2024:10:48:36 +0000] "GET /oidc/callback?state=a66372e545017b3d98c6e7ff2b6f32e2&session_state=6b077d5d-103f-418f-8f80-31c38f9ba940&iss=https%3A%2F%2Fauth.mydomain.tld%2Frealms%2Fgfc&code=85229dea-45e6-4dd2-b1fd-d70f72acf588.6b077d5d-103f-418f-8f80-31c38f9ba940.16963e45-cad9-4e36-a71e-bef38dbbc000 HTTP/1.1" 302 1902 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:133.0) Gecko/20100101 Firefox/133.0" [20/Dec/2024:10:48:37 +0000] "GET / HTTP/1.1" 200 5547 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:133.0) Gecko/20100101 Firefox/133.0" [20/Dec/2024:10:48:37 +0000] "GET /uploads/images/user/2024-12/thumbs-30-30/xzc5qsdxjo-avatar.png HTTP/1.1" 200 2398 "https://bookstack.mydomain.tld/" "Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:133.0) Gecko/20100101 Firefox/133.0" ``` Do I need to exec into the container to get the debug logs? If so, how?

OVERLORD commented 2026-02-05 09:28:03 +03:00

Author

Owner

Copy Link

@den5o commented on GitHub (Dec 20, 2024):

I used OIDC_DUMP_USER_DETAILS=true and got the following response:

...
    "resource_access": {
        "bookstack-client": {
            "roles": [
                "Admin"
            ]
        }
    },
...

@den5o commented on GitHub (Dec 20, 2024): I used `OIDC_DUMP_USER_DETAILS=true` and got the following response: ``` ... "resource_access": { "bookstack-client": { "roles": [ "Admin" ] } }, ... ```

OVERLORD commented 2026-02-05 09:28:06 +03:00

Author

Owner

Copy Link

@den5o commented on GitHub (Dec 20, 2024):

@RZR7332 your original post is based around OIDC user groups and Bookstack roles. Do I need to also configure groups in my keycloak instance for this to work?

@den5o commented on GitHub (Dec 20, 2024): @RZR7332 your original post is based around OIDC user groups and Bookstack roles. Do I need to also configure groups in my keycloak instance for this to work?

OVERLORD commented 2026-02-05 09:28:08 +03:00

Author

Owner

Copy Link

@RZR7332 commented on GitHub (Dec 20, 2024):

That looks correct as well, same as mine. Maybe something missing on the BookStack side? Have you set OIDC_USER_TO_GROUPS and OIDC_GROUPS_CLAIM correctly?

I was on the wrong path with my original post - it seems the Groups thing is just a string in the token rather than actual permissions.

@RZR7332 commented on GitHub (Dec 20, 2024): That looks correct as well, same as mine. Maybe something missing on the BookStack side? Have you set OIDC_USER_TO_GROUPS and OIDC_GROUPS_CLAIM correctly? I was on the wrong path with my original post - it seems the Groups thing is just a string in the token rather than actual permissions.

OVERLORD commented 2026-02-05 09:28:10 +03:00

Author

Owner

Copy Link

@den5o commented on GitHub (Dec 20, 2024):

I've set those to:

OIDC_USER_TO_GROUPS=true
OIDC_GROUPS_CLAIM=groups

but I'm not entirely sure that's the correct config.

OK this was my mistake. I set OIDC_GROUPS_CLAIM=resource_access.${OIDC_CLIENT_ID}.roles and I'm now logged in as admin.

@RZR7332 Thank you so much for helping out.

@den5o commented on GitHub (Dec 20, 2024): ~~I've set those to:~~ ``` OIDC_USER_TO_GROUPS=true OIDC_GROUPS_CLAIM=groups ``` ~~but I'm not entirely sure that's the correct config.~~ OK this was my mistake. I set `OIDC_GROUPS_CLAIM=resource_access.${OIDC_CLIENT_ID}.roles` and I'm now logged in as admin. @RZR7332 Thank you so much for helping out.

OVERLORD commented 2026-02-05 09:28:11 +03:00

Author

Owner

Copy Link

@RZR7332 commented on GitHub (Dec 20, 2024):

I think you fell into the same trap I did, that is what lead me down the groups road in the first place. Basically, that string (OIDC_GROUPS_CLAIM) tells BookStack where to pull the roles from in the token - since there was no groups claim in your token, your user had no roles and thus could do nothing when logged in.

Glad its sorted!

@RZR7332 commented on GitHub (Dec 20, 2024): I think you fell into the same trap I did, that is what lead me down the groups road in the first place. Basically, that string (OIDC_GROUPS_CLAIM) tells BookStack where to pull the roles from in the token - since there was no groups claim in your token, your user had no roles and thus could do nothing when logged in. Glad its sorted!

Sign in to join this conversation.

No Branch/Tag Specified

Branches Tags

development

further_theme_development

l10n_development

release

llm_only

vectors

v25-11

docker_env

drawio_rendering

user_permissions

ldap_host_failover

svg_image

prosemirror

captcha_example

fix/video-export

v25.12.3

v25.12.2

v25.12.1

v25.12

v25.11.6

v25.11.5

v25.11.4

v24.11.4

v25.11.3

v25.11.2

v25.11.1

v25.11

v25.07.3

v25.07.2

v25.07.1

v25.07

v25.05.2

v25.05.1

v25.05

v25.02.5

v25.02.4

v25.02.3

v25.02.2

v25.02.1

v25.02

v24.12.1

v24.12

v24.10.3

v24.10.2

v24.10.1

v24.10

v24.05.4

v24.05.3

v24.05.2

v24.05.1

v24.05

v24.02.3

v24.02.2

v24.02.1

v24.02

v23.12.3

v23.12.2

v23.12.1

v23.12

v23.10.4

v23.10.3

v23.10.2

v23.10.1

v23.10

v23.08.3

v23.08.2

v23.08.1

v23.08

v23.06.2

v23.06.1

v23.06

v23.05.2

v23.05.1

v23.05

v23.02.3

v23.02.2

v23.02.1

v23.02

v23.01.1

v23.01

v22.11.1

v22.11

v22.10.2

v22.10.1

v22.10

v22.09.1

v22.09

v22.07.3

v22.07.2

v22.07.1

v22.07

v22.06.2

v22.06.1

v22.06

v22.04.2

v22.04.1

v22.04

v22.03.1

v22.03

v22.02.3

v22.02.2

v22.02.1

v22.02

v21.12.5

v21.12.4

v21.12.3

v21.12.2

v21.12.1

v21.12

v21.11.3

v21.11.2

v21.11.1

v21.11

v21.10.3

v21.10.2

v21.10.1

v21.10

v21.08.6

v21.08.5

v21.08.4

v21.08.3

v21.08.2

v21.08.1

v21.08

v21.05.4

v21.05.3

v21.05.2

v21.05.1

v21.05

v21.04.6

v21.04.5

v21.04.4

v21.04.3

v21.04.2

v21.04.1

v21.04

v0.31.8

v0.31.7

v0.31.6

v0.31.5

v0.31.4

v0.31.3

v0.31.2

v0.31.1

v0.31.0

v0.30.7

v0.30.6

v0.30.5

v0.30.4

v0.30.3

v0.30.2

v0.30.1

v0.30.0

v0.29.3

v0.29.2

v0.29.1

v0.29.0

v0.28.3

v0.28.2

v0.28.1

v0.28.0

v0.27.5

v0.27.4

v0.27.3

v0.27.2

v0.27.1

v0.27

v0.26.4

v0.26.3

v0.26.2

v0.26.1

v0.26.0

v0.25.5

v0.25.4

v0.25.3

v0.25.2

v0.25.1

v0.25.0

v0.24.3

v0.24.2

v0.24.1

v0.24.0

v0.23.2

v0.23.1

v0.23.0

v0.22.0

v0.21.0

v0.20.3

v0.20.2

v0.20.1

v0.20.0

v0.19.0

v0.18.5

v0.18.4

v0.18.3

v0.18.2

v0.18.1

v0.18.0

v0.17.4

v0.17.3

v0.17.2

v0.17.1

v0.17.0

v0.16.3

v0.16.2

v0.16.1

v0.16.0

v0.15.3

v0.15.2

v0.15.1

v0.15.0

v0.14.3

v0.14.2

v0.14.1

v0.14.0

v0.13.1

v0.13.0

v0.12.2

v0.12.1

v0.12.0

v0.11.2

v0.11.1

v0.11.0

v0.10.0

v0.9.3

v0.9.2

v0.9.1

v0.9.0

v0.8.2

v0.8.1

v0.8.0

v0.7.6

v0.7.5

v0.7.4

v0.7.3

0.7.2

v.0.7.1

v0.7.0

v0.6.3

v0.6.2

v0.6.1

v0.6.0

v0.5.0

Labels

Clear labels

🎨 Design

📖 Docs Update

🐛 Bug

🐛 Bug

:cat2:🐈 Possible duplicate

💿 Database

☕ Open to discussion

💻 Front-End

🐕 Support

🚪 Authentication

🌍 Translations

🔌 API Task

🏭 Back-End

⛲ Upstream

🔨 Feature Request

🛠️ Enhancement

🛠️ Enhancement

🛠️ Enhancement

❤️ Happy feedback

🔒 Security

🔍 Pending Validation

💆 UX

📝 WYSIWYG Editor

🌔 Out of scope

🔩 API Request

:octocat: Admin/Meta

🖌️ View Customization

❓ Question

🚀 Priority

🛡️ Blocked

🚚 Export System

♿ A11y

🔧 Maintenance

> Markdown Editor

pull-request

Mirrored from GitHub Pull Request

No Label 🐕 Support

Milestone

No items

No Milestone

Projects

Clear projects

No project

Assignees

Clear assignees

OVERLORD

No Assignees

1 Participants

Notifications

Subscribe

Due Date

No due date set.

Dependencies

No dependencies set.

Reference: starred/BookStack#4940