From 9bf448be7aa5e2468d5a6302d7c37ebad0f84176 Mon Sep 17 00:00:00 2001
From: 9p4 <vcs@ersei.net>
Date: Tue, 27 Feb 2024 10:07:29 -0500
Subject: [feature/oidc] Add support for very basic RBAC (#2642)

* Add support for very basic RBAC

* Add some small tests for allowedGroup and adminGroup

* Switch to table-driven tests
---
 docs/configuration/oidc.md | 6 ++++++
 1 file changed, 6 insertions(+)

(limited to 'docs/configuration')

diff --git a/docs/configuration/oidc.md b/docs/configuration/oidc.md
index b30cd8410..482c0fa3f 100644
--- a/docs/configuration/oidc.md
+++ b/docs/configuration/oidc.md
@@ -79,6 +79,12 @@ oidc-scopes:
 # Default: false
 oidc-link-existing: false
 
+# Array of string. If the returned ID token contains a 'groups' claim that matches one of the
+# groups in oidc-allowed-groups, then this user will be granted access on the GtS instance. If the array is empty,
+# then all groups will be granted permission.
+# Default: []
+oidc-allowed-groups: []
+
 # Array of string. If the returned ID token contains a 'groups' claim that matches one of the
 # groups in oidc-admin-groups, then this user will be granted admin rights on the GtS instance
 # Default: []
-- 
cgit v1.2.3