JakeTheBirdy · 13mo ago

oauth2-proxy groups claim

I'm trying to do the oauth2_proxy allowed_groups bit from the guide https://zitadel.com/docs/examples/identity-proxy/oauth2-proxy#check-for-groups but I can't seem to figure out how to get the custom_roles.js to work. Looking at the source of custom_roles.js, it looks like for the oidc_groups_claim I want to use my:zitadel:grants, and then in allowed_groups it looks like I want to use <projectid>:rolename, where <projectid> is the value resource id from the project, but I just get permission denied. Is there some place I can see what those claims would be for debugging purposes?
1 Reply
JakeTheBirdy (OP) · 13mo ago
For posterity, I figured this out: the name of the action must match the function you wish to call, so I renamed my action to flatRoles. I was also able to place a container running mendhak/http-https-echo behind this oauth2-proxy instance to see what headers I got. I forget which header I used, but one of them had the JWT token from oauth2-proxy so I could inspect.
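
Added example (not part of the thread and not ZITADEL or oauth2-proxy code): a small Node.js helper for the debugging step described above, decoding a captured JWT and checking its groups claim against allowed_groups. The claim name and the <projectid>:rolename format come from the question; the function names, the PROJECT_ID value and the sample tokens are constructed, and the payload is decoded without signature verification, so it is for inspection only.

```javascript
// Decode the payload segment of a JWT for inspection (no signature check).
function decodeJwtPayload(token) {
  const parts = token.trim().replace(/^Bearer\s+/i, "").split(".");
  if (parts.length !== 3) {
    throw new Error(`expected 3 dot-separated JWT segments, got ${parts.length}`);
  }
  // JWT segments are base64url; map to the standard alphabet before decoding.
  const b64 = parts[1].replace(/-/g, "+").replace(/_/g, "/");
  return JSON.parse(Buffer.from(b64, "base64").toString("utf8"));
}

// Report whether the groups claim exists and which allowed groups it matches.
function checkGroups(token, claimName, allowedGroups) {
  const payload = decodeJwtPayload(token);
  const claims = Object.keys(payload);
  const raw = payload[claimName];
  if (raw === undefined) {
    // Claim absent: the action that sets it did not run or set another name.
    return { present: false, groups: [], matched: [], claims };
  }
  const groups = (Array.isArray(raw) ? raw : [raw]).map(String);
  const matched = groups.filter((g) => allowedGroups.includes(g));
  return { present: true, groups, matched, claims };
}

// Constructed sample tokens (unsigned, placeholder project id).
function makeSampleToken(payload) {
  const enc = (obj) =>
    Buffer.from(JSON.stringify(obj)).toString("base64")
      .replace(/\+/g, "-").replace(/\//g, "_").replace(/=+$/, "");
  return `${enc({ alg: "none", typ: "JWT" })}.${enc(payload)}.constructed`;
}

const CLAIM = "my:zitadel:grants";            // oidc_groups_claim from the post
const ALLOWED = ["PROJECT_ID:admin"];         // allowed_groups, constructed value
const withClaim = makeSampleToken({
  sub: "user-1",
  [CLAIM]: ["PROJECT_ID:admin", "PROJECT_ID:viewer"],
});
const withoutClaim = makeSampleToken({ sub: "user-1" });

console.log(checkGroups(withClaim, CLAIM, ALLOWED));
console.log(checkGroups(withoutClaim, CLAIM, ALLOWED));
```

When `present` is false, the `claims` list shows which claims the token does carry, which separates a missing claim from a group value that simply does not match.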
