OIDC Group claims will not remove users from groups if they belong to 0 groups #6545

Closed
@Emyrk

The current logic sets the user's groups at their OIDC login. If the OIDC claim has 0 groups listed (AKA no groups), then nothing happens. We need to support removing someone from all groups.

coder/coderd/userauth.go

Lines 867 to 874 in 2abae42

    // Ensure groups are correct.
    if len(params.Groups) > 0 {
        //nolint:gocritic
        err := api.Options.SetUserGroups(dbauthz.AsSystemRestricted(ctx), tx, user.ID, params.Groups)
        if err != nil {
            return xerrors.Errorf("set user groups: %w", err)
        }
    }
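An added example, not part of the original issue and not coder's code: a stand-alone model of the guard quoted above next to a version that treats the IdP as authoritative, showing that an empty groups claim leaves stale memberships (and whatever access they grant) in place. The `store` type, both sync functions, the `usingGroups` flag and the sample user are hypothetical.

```go
package main

import (
	"fmt"
	"sort"
)

// store is a hypothetical in-memory stand-in for membership rows: user -> groups.
type store map[string]map[string]bool

// setUserGroups replaces the user's memberships with exactly the given groups.
func (s store) setUserGroups(userID string, groups []string) {
	set := make(map[string]bool, len(groups))
	for _, g := range groups {
		set[g] = true
	}
	s[userID] = set
}

func (s store) groupsOf(userID string) []string {
	out := make([]string, 0, len(s[userID]))
	for g := range s[userID] {
		out = append(out, g)
	}
	sort.Strings(out)
	return out
}

// syncSkipEmpty mirrors the guard quoted in the issue: an empty claim is a no-op.
func syncSkipEmpty(s store, userID string, groups []string) {
	if len(groups) > 0 {
		s.setUserGroups(userID, groups)
	}
}

// syncAuthoritative applies the claim even when empty; usingGroups is an assumed
// flag separating "group sync not configured" from "claim lists zero groups".
func syncAuthoritative(s store, userID string, usingGroups bool, groups []string) {
	if usingGroups {
		s.setUserGroups(userID, groups)
	}
}

func main() {
	s := store{}
	syncSkipEmpty(s, "alice", []string{"admins", "dev"}) // constructed sample login
	syncSkipEmpty(s, "alice", nil)                       // IdP now lists zero groups
	fmt.Println(s.groupsOf("alice"))                     // memberships survive
	syncAuthoritative(s, "alice", true, nil)
	fmt.Println(s.groupsOf("alice")) // memberships removed
}
```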

Labels: s1 (Bugs that break core workflows. Only humans may set this.)
