MediaWiki 1.41.0 (62e7aef)
OpenID Connect 7.0.2 (c515880)
PluggableAuth 7.0.0 (2d86d50)
PHP 8.2.17 (apache2handler)
ICU 72.1
PostgreSQL 16.0
I'm unclear on the correct way to reference fields in the access_token from the OIDC payload and assign them to the default roles in MediaWiki using groupsyncs. I have the following defined in LocalSettings.php. Below that I have the access_token example pulled from the JWT. Logging in works great. But auto-assigning users that have thefieldwithrole to a group doesn't seem to be working.
Any insight into what I might be doing wrong?
$wgPluggableAuth_Config[] = [
    'plugin' => 'OpenIDConnect',
    'data' => [
        .......
    ],
    'groupsyncs' => [
        [
            'type' => 'mapped',
            'map' => [
                'users' => [ 'thefieldwithrole' => 'roleA' ],
                'sysop' => [ 'thefieldwithrole' => 'roleB' ]
            ]
        ]
    ]
];
Example Access_Token pulled from JWT payload:
{
  "thefieldwithrole" : "roleA",
  "aud" : "omitted",
  "authorization_details": [],
  "client_id" : "theclientid",
  "client_key" : "theclientkey",
  "Email" : "someemailaddress",
  "exp" : 1234567890,
  "first_name" : "first",
  "iss" : "omitted",
  "jti" : "xf8i7vW",
  "last_name" : "last",
  "login" : "12345678",
  "Organization" : "theorg",
  "samaccountname" : "12345678",
  "scope" : "openid profile",
  "sub" : "12345678",
  "subject" : "12345678",
  "uid" : "12345678",
  "userid" : "12345678",
  "userId" : "12345678"
}