Support group replication from OAuth2 groups claim #763

New Issue

Open

opened 2026-02-04 21:15:47 +03:00 by OVERLORD · 0 comments

OVERLORD commented 2026-02-04 21:15:47 +03:00

Owner

Copy Link

Originally created by @jorgecarleitao on GitHub (Jul 20, 2025).

Is this a feature for the backend or frontend?

Backend

What would you like?

I would like to be able to replicate some groups from oauth2 as "teams", so that I don't need to manage the team configuration within Planka, and instead manage it centrally in my IdP.

I.e. manage not only permissions in Planka via the OIDC_ROLES_ATTRIBUTE claim, but also access to the projects via it.

Why is this needed?

In a context where RBAC is more and more managed centrally via an IdP (Entra, etc.), it makes sense to be able to e.g. pass a set of group names as OIDC_GROUPS_AS_TEAMS='[...]' that represent a set of groups that are automatically mapped to a team.

When a new token arrives, the group membership is updated according to the set of groups the user belongs to (in claim OIDC_ROLES_ATTRIBUTE)

Other information

No response

Originally created by @jorgecarleitao on GitHub (Jul 20, 2025). ### Is this a feature for the backend or frontend? Backend ### What would you like? I would like to be able to replicate some groups from oauth2 as "teams", so that I don't need to manage the team configuration within Planka, and instead manage it centrally in my IdP. I.e. manage not only permissions in Planka via the `OIDC_ROLES_ATTRIBUTE` claim, but also access to the projects via it. ### Why is this needed? In a context where RBAC is more and more managed centrally via an IdP (Entra, etc.), it makes sense to be able to e.g. pass a set of group names as `OIDC_GROUPS_AS_TEAMS='[...]'` that represent a set of groups that are automatically mapped to a team. When a new token arrives, the group membership is updated according to the set of groups the user belongs to (in claim `OIDC_ROLES_ATTRIBUTE`) ### Other information _No response_

OVERLORD added the enhancement label 2026-02-04 21:15:47 +03:00

Sign in to join this conversation.

No Branch/Tag Specified

Branches Tags

master

gh-pages

planka-1.1.2

planka-1.1.1

planka-1.1.0

planka-1.0.5

planka-1.0.4

v2.0.0-rc.4

v1.26.3

planka-0.2.26

planka-1.0.3

planka-1.0.2

v2.0.0-rc.3

planka-1.0.1

planka-1.0.0

v2.0.0-rc.2

planka-0.2.25

v1.26.2

v1.26.1

planka-0.2.24

v1.26.0

planka-0.2.23

v1.25.1

planka-0.2.22

v1.25.0

planka-0.2.21

v1.24.4

planka-0.2.20

v1.24.3

planka-0.2.19

planka-0.2.18

v1.24.2

planka-0.2.17

planka-0.2.16

v1.24.1

planka-0.2.15

v1.24.0

planka-0.2.14

v1.23.5

v1.23.4

planka-0.2.13

planka-0.2.12

v1.23.3

planka-0.2.11

v1.23.2

planka-0.2.10

v1.23.1

planka-0.2.9

v1.23.0

v1.22.0

planka-0.2.8

Labels

Clear labels

bug

bug

documentation

documentation

duplicate

enhancement

good first issue

help wanted

pull-request

Mirrored from GitHub Pull Request

question

wontfix

No Label enhancement

Milestone

No items

No Milestone

Projects

Clear projects

No project

Assignees

Clear assignees

OVERLORD

No Assignees

1 Participants

Notifications

Subscribe

Due Date

No due date set.

Dependencies

No dependencies set.

Reference: starred/planka#763