Support Google Workspace groups retrieval when using Google as OIDC #4706

Open
achetronic opened this issue Apr 23, 2024 · 1 comment
Labels
enhancement New feature or request

Comments


Is your feature request related to a problem? Please describe.
I'm always frustrated when using a Google OAuth2 client as OIDC because groups are not included in the JWT.

Describe the solution you'd like
The exact same as you use in HashiCorp Vault. Basically, use a Google Service Account to access the Admin Console API (gsuite, Google Workspace) and retrieve the groups for a user to bind them to Boundary roles internally.

Describe alternatives you've considered
Craft a complete proxy that intercepts the JWTs, injects some custom claims, and then re-signs the token. But I'm not sure if this is completely possible.

Explain any additional use-cases
n/a

Additional context
Most companies out there use groups as separator in Google Workspace for employees when using Google as cloud provider... Completely agree this is Google's blame, but please, could you support the same that you support on Vault? 🙏🏼

@achetronic achetronic added the enhancement New feature or request label Apr 23, 2024

achetronic commented May 3, 2024

For those looking for this feature, we have created a little syncer for this:

https://github.com/freepik-company/bgos
