OpenID Connect group restrictions?

Peter Newman

Is there, or is there planned to be, a way to restrict an OpenID Connect provider to members of a certain group?

Specifically, we have a web site hosted outside of Cloudron, that it would be great to use our Cloudron accounts to control user access to. OpenID Connect (and other OAuth variants) are supported, so Cloudron just coming out with a Provider, is promising. But we want to restrict it to a particular group of users.

nebulon

The oidc addon for apps already has group restriction support, however for external apps, this is not implemented. Technically it can be added so I will move this thread to feature requests section.

krumel

Is there any update on this? The current system of allowing all users is a bit suboptimal.

joseph

@krumel which app ? group restrictions (roles/permissions) are applied inside the app's configuration, so it really depends if the app supports this.

nebulon

I think the feature request is for the OpenID provider feature, so external apps can be setup to use the Cloudron. For this we have to implement a group/user access restriction in the OpenID external client settings.

joseph

@nebulon ah, "web site hosted outside of Cloudron" . So this is for app proxy?

@krumel you are also using app proxy?

krumel

I am also using app proxy,but my question is unrelated to that, nebulon has already noted the intended use Peter (and now I) meant.