Allow limiting OpenID Connect auth to a list of users.

2024-08-30 18:22:48 +00:00 · 2020-05-22 17:01:22 -05:00 · 2020-05-22 17:01:22 -05:00 · daf399163c
commit daf399163c
parent cdf702e545
1 changed files with 21 additions and 0 deletions
--- a/backend/templates/_openid_connect.conf
+++ b/backend/templates/_openid_connect.conf
@ -18,6 +18,27 @@
            ngx.exit(ngx.HTTP_INTERNAL_SERVER_ERROR)
        end

+        {% if openidc_restrict_users_enabled -%}
+        local function contains(table, val)
+            for i=1,#table do
+                if table[i] == val then 
+                    return true
+                end
+            end
+            return false
+        end
+
+        local allowed_users = {
+            {% for user in openidc_allowed_users %}
+                "{{ user }}",
+            {% endfor %}
+        }
+
+        if not contains(allowed_users, res.id_token.email) then
+            ngx.exit(ngx.HTTP_FORBIDDEN)
+        end
+        {% endif -%}
+        

        ngx.req.set_header("X-OIDC-SUB", res.id_token.sub)
        ngx.req.set_header("X-OIDC-EMAIL", res.id_token.email)