Set restricted or admin is performed after the second user login via OIDC auth #32566
Labels
Comments
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Description
The parameters "Group Claim value for administrator users" (admin-group) and "Group Claim value for restricted users" (restricted-group) work only when the user logs in for the second time. When a user logs in for the first time after registration, the user parameters "Is Administrator" and "Is Restricted" are not set, but are set when the user logs out and logs in again.
The behavior is a little similar to #26415, but it concerns the assignment to organizational teams.
I'm checking on v1.22.3 from the gitea/gitea:latest-rootless docker image and KeyCloak v26.0.5 as an OIDC provider.
Gitea Version
1.22.3
Can you reproduce the bug on the Gitea demo site?
No
Log Gist
https://gist.github.com/evgnblkn/ed964e56a5c9531e5b7200647cb3c064
Screenshots
from Gitea Authentication Source:
In the Keycloak settings "Client scopes" I added a dedicated mapper with the type "User Realm Role"
Created realm roles
...and added these roles to the user
Git Version
No response
Operating System
No response
How are you running Gitea?
I'm checking on v1.22.3 from the gitea/gitea:latest-rootless docker image.
Database
PostgreSQL
The text was updated successfully, but these errors were encountered: