github-starred/open-webui
2
0
Fork 0
mirror of https://github.com/open-webui/open-webui.git synced 2026-03-11 08:15:00 -05:00
Code Issues 308 Packages Projects Releases 100 Wiki Activity

Support Custom Roles/Claims with OIDC #2366

New Issue
Closed
opened 2025-11-11 15:05:48 -06:00 by GiteaMirror · 2 comments
GiteaMirror commented 2025-11-11 15:05:48 -06:00
Owner
Copy Link

Originally created by @ncecere on GitHub (Oct 12, 2024).

Adding the ability to define and pass in custom claims for auth would enable AuthZ support for the application. Login and access could be scoped to a subset of users instead of an entire organization. This could also be used with the #2924 request since user could be assigned to specific groups at login instead of being assigned by administrators.

Originally created by @ncecere on GitHub (Oct 12, 2024). Adding the ability to define and pass in custom claims for auth would enable AuthZ support for the application. Login and access could be scoped to a subset of users instead of an entire organization. This could also be used with the #2924 request since user could be assigned to specific groups at login instead of being assigned by administrators.
GiteaMirror commented 2025-11-11 15:05:49 -06:00
Author
Owner
Copy Link

@hubby2004 commented on GitHub (Oct 12, 2024):

This will be a great feature if we can restrict access based on a specific attribute and its value. For instance, we can release an eduPersonEntitlement attribute as part of the OIDC flow and have the open webui allow only those whose eduPersonEntitlement value contains a specific string. EduPersonEntitlement is a multi value attribute so supporting a list solves the issue of single and multi value attributes.

@hubby2004 commented on GitHub (Oct 12, 2024): This will be a great feature if we can restrict access based on a specific attribute and its value. For instance, we can release an eduPersonEntitlement attribute as part of the OIDC flow and have the open webui allow only those whose eduPersonEntitlement value contains a specific string. EduPersonEntitlement is a multi value attribute so supporting a list solves the issue of single and multi value attributes.
GiteaMirror commented 2025-11-11 15:05:49 -06:00
Author
Owner
Copy Link

@ncecere commented on GitHub (Oct 12, 2024):

I think it would need to be added around here but I'm not 100% sure. And think this would also solve the feature in #4858 that @atnjqt opened.

@ncecere commented on GitHub (Oct 12, 2024): I think it would need to be added around [here](https://github.com/open-webui/open-webui/blob/e8babe62bc8e466be0367703fd062a981f5c2394/backend/open_webui/main.py#L2262) but I'm not 100% sure. And think this would also solve the feature in #4858 that @atnjqt opened.
Sign in to join this conversation.
No Branch/Tag Specified
Branches Tags
Labels
Clear labels
bug
core
documentation
enhancement
good first issue
help wanted
non-core
pull-request
Mirrored from GitHub Pull Request
 python
question
testing wanted
No Label
Milestone
No items
No Milestone
Projects
Clear projects
No project
Assignees
Clear assignees
GiteaMirror ninjasurge
No Assignees
1 Participants
Notifications
Due Date
No due date set.
Dependencies

No dependencies set.

Reference: github-starred/open-webui#2366
Delete Branch "%!s()"

Deleting a branch is permanent. Although the deleted branch may continue to exist for a short time before it actually gets removed, it CANNOT be undone in most cases. Continue?