[PR #3616] [MERGED] Added OIDC group sync functionality #6232

Closed
opened 2026-02-05 10:27:25 +03:00 by OVERLORD · 0 comments
Owner

📋 Pull Request Information

Original PR: https://github.com/BookStackApp/BookStack/pull/3616
Author: @ssddanbrown
Created: 8/2/2022
Status: Merged
Merged: 8/25/2022
Merged by: @ssddanbrown

Base: development ← Head: oidc_group_sync


📝 Commits (1)

  • b987bea Added OIDC group sync functionality

📊 Changes

5 files changed (+170 additions, -4 deletions)

View changed files

📝 .env.example.complete (+4 -0)
📝 app/Auth/Access/Oidc/OidcOAuthProvider.php (+15 -1)
📝 app/Auth/Access/Oidc/OidcService.php (+70 -3)
📝 app/Config/oidc.php (+12 -0)
📝 tests/Auth/OidcTest.php (+69 -0)

📄 Description

Is generally aligned with our SAML2 group sync functionality, but for OIDC based upon feedback in #3004.
Needed the tangential addition of being able to define custom scopes on the initial auth request as some systems use this to provide additional id token claims such as groups.

Includes tests to cover.
Tested live using Okta.

Docs Updates

  • Need to document group syncing completely.
  • Need to document the use of OIDC_ADDITIONAL_SCOPES, and its format (comma separated string).
  • Need to document behaviour of default registration role (Used when remove_from_groups option is active). Same as OIDC/LDAP behaviour.

🔄 This issue represents a GitHub Pull Request. It cannot be merged through Gitea due to API limitations.

OVERLORD added the pull-request label 2026-02-05 10:27:25 +03:00
Reference: starred/BookStack#6232