Hello,

I would like to ask more about the OIDS (oAuth) External login provider for Corteza.

We are using Authentik in our company, so I want to connect it. I was able to do it, but there are some issues I would love to solve.

1. Select from what the user Handle is created

Now, the handle is created from the full name of the user but escaping all non-english characters, I would love to switch it to a username, so it is the same for all users across all platforms. The usernamer is in the JWT payload.

2. Can I somehow sync roles/groups from OIDC (authentik) to Corteza? Again, groups are part of the JWT payload, so it should be doable to pair my roles to Corteza roles. For example, I want to pair my “admin” group with “super-admin” role i Corteza.

Here is an example of the JW payload for my account (sensitive data redacted):

{
    "iss": "https://authentik.tld/application/o/appid/",
    "sub": "simonc",
    "aud": "3sf74VIt1GKwdfsdffVirkwGsdvcvQLTUpeEQWPhD2XNcd",
    "exp": 11111,
    "iat": 1111,
    "auth_time": 1716906781,
    "acr": "goauthentik.io/providers/oauth2/default",
    "amr": [
        "pwd",
        "mfa"
    ],
    "email": "simon.cechacek@artevio.com",
    "email_verified": true,
    "name": "Šimon Čecháček",
    "given_name": "Šimon Čecháček",
    "preferred_username": "simonc",
    "nickname": "simonc",
    "groups": [
        "admin",
        "infra"
    ],
    "username": "simonc"
}

Can you please help me makes this work, so we can simply integrate Corteza to our workflow? Thank you!

Hi Simon

I am also using Authentik and would like to authenticate Corteza with Authentik OIDC. Can you list the steps you used to get this to work?

Hi @simonc ,

this is currently not possible as we do not have an existing mechanism to dynamically change the JIT .
We could enable the support for this either via a new event in workflows or some kind of settings in admin.

We are ofc up for debate and gladly accept code contributions.
You can open a discussion about it here: cortezaproject · Discussions · GitHub