Skip to content

question: can the access-groups for apps be used for authorization with the various IDPs providing authentication #557

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Open
damianslee opened this issue Apr 29, 2025 · 1 comment
Open

question: can the access-groups for apps be used for authorization with the various IDPs providing authentication #557

damianslee opened this issue Apr 29, 2025 · 1 comment

Comments

@damianslee
Copy link

Hi,
couldn't work if this is supported from the documentation

if i am using SAML or Oauth2 for sign on to shiny proxy, can i use the users UPN/email in application.yml access-groups, access-users, users config (without password) to manage authorization of apps?

thanks
@damianslee
Copy link
Author

i did some testing. using oauth, its possible to use the config fields "admin-users" and "access-users" in the apps to restrict access.

the users: groups don't work, which i kind of expect.

nice to have if we could get and configure oauth users display name as well as user identifying attribute like "sub". EntraID oauth doco says preferred_username shouldn't be used. "sub" is a string of hex characters so it affects the name displayed in the UI.
eg
proxy.oauth2.username-attribute
proxy.oauth2.displayname-attribute

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
1 participant
@damianslee