Add configurable group names for roles (#17)

2025-01-05 22:24:48 +01:00
parent 2131fe5d36
commit 00da053f50
8 changed files with 59 additions and 12 deletions
--- a/custom_components/auth_oidc/config.py
+++ b/custom_components/auth_oidc/config.py
@@ -15,6 +15,9 @@ CLAIMS = "claims"
 CLAIMS_DISPLAY_NAME = "display_name"
 CLAIMS_USERNAME = "username"
 CLAIMS_GROUPS = "groups"
+ROLES = "roles"
+ROLE_ADMINS = "admin"
+ROLE_USERS = "user"

 DEFAULT_TITLE = "OpenID Connect (SSO)"

@@ -63,6 +66,18 @@ CONFIG_SCHEMA = vol.Schema(
                        vol.Optional(CLAIMS_GROUPS): vol.Coerce(str),
                    }
                ),
+                # Determine which specific group values will be mapped to which roles
+                # Optional, defaults user = null, admin = 'admins'
+                # If user role is set, users that do not have either will be rejected!
+                vol.Optional(ROLES): vol.Schema(
+                    {
+                        # Which group name should we use to assign the user role?
+                        vol.Optional(ROLE_USERS): vol.Coerce(str),
+                        # What group name should we use to assign the admin role?
+                        # Defaults to admins
+                        vol.Optional(ROLE_ADMINS): vol.Coerce(str),
+                    }
+                ),
            }
        )
    },