Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Feature Request | Role Claim and Role assignment for Oauth2 #159

Open
nerddotdad opened this issue Aug 9, 2024 · 1 comment
Open

Feature Request | Role Claim and Role assignment for Oauth2 #159

nerddotdad opened this issue Aug 9, 2024 · 1 comment

Comments

@nerddotdad
Copy link

Firstly I want to say thank you for this awesome plugin it's done wonders for my little site!

I currently leverage authentik for my authentication provider and I was hoping that role claim could be implemented in the application. In another application I use it's implemented fairly well so I'll include screenshots of their UI to help provide some context.

This would be incredibly useful as it would provide me the ability to manage all roles in my wordpress site from my provider and therefore leverage roles in my provider across all my various services.

Screenshot from 2024-08-09 07-53-14
Screenshot from 2024-08-09 07-52-33

@figureone
Copy link
Member

We do have a longstanding meta thread to bring this functionality into the UI for easier control: #75
These screenshots help to provide an example UI for the eventual feature, thanks!

That said, you can currently accomplish this by hooking into authorizer_custom_role and define the role mappings there. Here is some documentation specific to our institution, but with some minor changes it should work the same for you: https://github.com/uhm-coe/authorizer/wiki/Integrating-WordPress-Roles-with-UH-Groupings#step-4-add-your-integration-code-to-your-wordpress-theme
You might also need to hook into authorizer_oauth2_generic_authorization_parameters if an extra scope is needed to fetch the role bases: https://github.com/uhm-coe/authorizer/blob/master/src/authorizer/class-authentication.php#L557-L565
For example, something like this:

add_filter( 'authorizer_oauth2_generic_authorization_parameters', function ( $params ) {
	$params['scope'] = 'groups';
	return $params;
} );

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
None yet
Projects
None yet
Development

No branches or pull requests

2 participants