--- /dev/null Thu Jan 01 00:00:00 1970 +0000
+++ b/mod_groups_oidc/README.md Thu Jun 01 18:32:59 2023 +0200
@@ -0,0 +1,11 @@
+---
+summary: OIDC group membership in UserInfo
+labels:
+- Stage-Alpha
+rockspec:
+ dependencies:
+ - mod_http_oauth2 >= 200
+---
+
+This module exposes [mod_groups_internal] groups to
+[OAuth 2.0][mod_http_oauth2] clients via a `groups` scope/claim.
--- /dev/null Thu Jan 01 00:00:00 1970 +0000
+++ b/mod_groups_oidc/mod_groups_oidc.lua Thu Jun 01 18:32:59 2023 +0200
@@ -0,0 +1,15 @@
+local array = require "util.array";
+
+module:add_item("openid-claim", "groups");
+
+local group_memberships = module:open_store("groups", "map");
+local function user_groups(username)
+ return pairs(group_memberships:get_all(username) or {});
+end
+
+module:hook("token/userinfo", function(event)
+ local userinfo = event.userinfo;
+ if event.claims:contains("groups") then
+ userinfo.groups = array(user_groups(event.username));
+ end
+end);
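Review bot: In `user_groups`, `group_memberships:get_all(username) or {}` turns every falsy result into an empty table, so a storage failure (assuming `get_all` reports one as `nil, err`, which the hunk does not show) reaches the client as an empty `groups` claim, indistinguishable from a user who belongs to no groups. A relying party that bases access decisions on this claim would act on that result with nothing in the server log to explain it. Capturing and logging the error makes the failure visible: `local groups, err = group_memberships:get_all(username);` `if err then module:log("warn", "Could not load groups for %s: %s", username, err); end` `return pairs(groups or {});`. The module also reads the `groups` map store directly, so a short comment above `user_groups` stating that the emitted values are that store's keys (presumably the mod_groups_internal group identifiers the README refers to) would tell client authors and operators exactly what is disclosed under the `groups` scope.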