fix(oidc): restore old user matching behavior

2026-01-11 22:30:47 +01:00 · 2025-05-25 09:14:54 +08:00
parent f0ab14cb1e
commit 82ee75daab
1 changed files with 4 additions and 3 deletions
--- a/internal/auth/oidc.go
+++ b/internal/auth/oidc.go
@@ -201,11 +201,12 @@ func parseClaims(idToken *oidc.IDToken) (*IDTokenClaims, error) {

 func (auth *OIDCProvider) checkAllowed(user string, groups []string) bool {
 	userAllowed := slices.Contains(auth.allowedUsers, user)
-	if !userAllowed {
-		return false
+	if userAllowed {
+		return true
 	}
 	if len(auth.allowedGroups) == 0 {
-		return true
+		// user is not allowed, but no groups are allowed
+		return false
 	}
 	return len(utils.Intersect(groups, auth.allowedGroups)) > 0
 }