Add a Post-Login Action for adding MinIO-friendly policy claims #19

Open
4 tasks done
mblomdahl opened this issue Apr 12, 2024 · 0 comments · May be fixed by #20

Checklist

  • I have looked into the Readme, and Contributing guide and have not found a suitable solution or answer.
  • I have searched the issues and have not found a suitable solution or answer.
  • I have searched the Auth0 Community forums and have not found a suitable solution or answer.
  • I agree to the terms within the Auth0 Code of Conduct.

Describe the problem you'd like to have solved

I want my users to be able to log in to MinIO Console with a social connection and get the appropriate permissions policy attached to their user profiles.

Describe the ideal solution

I would like my Auth0 tenant to apply some logic that allows me to map users to policies in MinIO and propagate this authorization to the MinIO application. I would also like to have a default low-privilege policy assignment for random strangers.

Alternatives and current workarounds

I can use the current role-creation-POST_LOGIN template to assign the same role to all known users. The downside of this is ...

  1. I would also like to have an OpenID integration with Kubernetes (I want to be able to authenticate with Kubernetes as me, via OpenID/SSO OwnTube-tv/minio-microk8s-ansible#12) and having this "one special group" and no JWT Claim prefix/namespacing makes it hard to use side-by-side with MinIO JWT Claims
  2. I'd like to add different special users to different policies, not all should be granted the same (me, for example, I want to be an admin, but my friends should only have read-write permissions)
  3. There is no graceful way to make unknown users/bots/strangers be allowed to log in to a fallback read-only role

Additional context

I'm trying to complete this ticket, OwnTube-tv/minio-microk8s-ansible#10
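
The mapping requested under "Describe the ideal solution", sketched as an Auth0 Post-Login Action. This is an added example, not code from the issue or from the linked pull request; the claim name, the e-mail addresses and the helper `resolveMinioPolicy` are assumptions, and MinIO would have to be configured to read its policy from that claim.

```javascript
// Assumed namespaced claim name (not from the issue). A namespace keeps it
// from colliding with claims consumed by other relying parties.
const CLAIM = "https://minio.example.com/policy";

// MinIO built-in policy used for anyone who is not explicitly mapped.
const FALLBACK_POLICY = "readonly";

// Constructed sample mapping: lower-cased e-mail -> MinIO policy name.
const POLICY_BY_EMAIL = new Map([
  ["admin@example.com", "consoleAdmin"],
  ["friend@example.com", "readwrite"],
]);

// Pure decision function so the mapping can be tested outside Auth0.
function resolveMinioPolicy(user, mapping = POLICY_BY_EMAIL) {
  const email =
    typeof user.email === "string" ? user.email.trim().toLowerCase() : "";
  // An unverified address from a social connection proves nothing about who
  // is logging in, so it must never select a privileged policy.
  if (!email || user.email_verified !== true) return FALLBACK_POLICY;
  return mapping.get(email) ?? FALLBACK_POLICY;
}

// Auth0 Post-Login Action entry point.
async function onExecutePostLogin(event, api) {
  const policy = resolveMinioPolicy(event.user);
  api.idToken.setCustomClaim(CLAIM, policy);
  api.accessToken.setCustomClaim(CLAIM, policy);
}

// Auth0 loads the handler from `exports`; the guard lets the file also run
// where `exports` is not defined.
if (typeof exports !== "undefined") {
  exports.onExecutePostLogin = onExecutePostLogin;
}
```

Keying the lookup on a verified e-mail address means a stranger who registers a look-alike or unverified address at a social provider still lands on the read-only fallback.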

mblomdahl added a commit to mblomdahl/opensource-marketplace that referenced this issue Apr 15, 2024
This PR adds a new post-login type action for adding a custom claim with MinIO policies for different users.

Tested and verified with https://minio.owntube.tv, related to OwnTube-tv/minio-microk8s-ansible#10

Resolves auth0#19
@mblomdahl mblomdahl linked a pull request Apr 15, 2024 that will close this issue