starred/pocket-id
1
0
Fork 0
mirror of https://github.com/pocket-id/pocket-id.git synced 2026-02-05 00:39:38 +03:00
Code Issues 61 Packages Projects Releases 10 Wiki Activity

🚀 Feature: Per-client group mappings #566

New Issue
Closed
opened 2026-02-04 20:29:25 +03:00 by OVERLORD · 1 comment
OVERLORD commented 2026-02-04 20:29:25 +03:00
Owner
Copy Link

Originally created by @jc0b on GitHub (Dec 13, 2025).

Feature description

It should be possible to map group names to different values in the groups claim.
So, if you had a group in Pocket ID with name app_proxmox_admin, you would be able to (in the OIDC client settings) be able to specify that it should be passed with a different name through in the groups claim.

Pitch

Some applications expect specific groups to be passed in the groups claim for roles. For example, they expect that you are a member of the group admin to give you an admin role.

If you have a naming convention, then you suddenly have to break from this convention for one app. This could be circumvented with the mappings.

Originally created by @jc0b on GitHub (Dec 13, 2025). ### Feature description It should be possible to map group names to different values in the `groups` claim. So, if you had a group in Pocket ID with name `app_proxmox_admin`, you would be able to (in the OIDC client settings) be able to specify that it should be passed with a different name through in the `groups` claim. ### Pitch Some applications expect specific groups to be passed in the groups claim for roles. For example, they expect that you are a member of the group `admin` to give you an admin role. If you have a naming convention, then you suddenly have to break from this convention for one app. This could be circumvented with the mappings.
OVERLORD commented 2026-02-04 20:29:34 +03:00
Author
Owner
Copy Link

@stonith404 commented on GitHub (Dec 21, 2025):

Tbh this feels like something that should be addressed on the OIDC client side. All OIDC clients I'm using allow you to configure which group users need to belong to in order to receive admin privileges, and that’s the correct place for this logic.

Implementing it on our side would essentially mean introducing a workaround for a design issue in the client rather than solving the root cause. Because of that, we don’t plan to implement this.

@stonith404 commented on GitHub (Dec 21, 2025): Tbh this feels like something that should be addressed on the OIDC client side. All OIDC clients I'm using allow you to configure which group users need to belong to in order to receive admin privileges, and that’s the correct place for this logic. Implementing it on our side would essentially mean introducing a workaround for a design issue in the client rather than solving the root cause. Because of that, we don’t plan to implement this.
Sign in to join this conversation.
No Branch/Tag Specified
Branches Tags
Labels
Clear labels
breaking
bug
bug
bug
documentation
feature
needs more upvotes
open to pull requests
pull-request
Mirrored from GitHub Pull Request
No Label
Milestone
No items
No Milestone
Projects
Clear projects
No project
Assignees
Clear assignees
OVERLORD
No Assignees
1 Participants
Notifications
Due Date
No due date set.
Dependencies

No dependencies set.

Reference: starred/pocket-id#566
Delete Branch "%!s()"

Deleting a branch is permanent. Although the deleted branch may continue to exist for a short time before it actually gets removed, it CANNOT be undone in most cases. Continue?