feat: oauth role claim (#19758)

2026-01-05 09:37:32 -08:00 · 2025-07-07 00:45:32 +02:00
parent 2f5d75ce21
commit 4ce9bce414
13 changed files with 160 additions and 3 deletions
--- a/e2e/src/setup/auth-server.ts
+++ b/e2e/src/setup/auth-server.ts
@@ -12,6 +12,7 @@ export enum OAuthUser {
  NO_NAME = 'no-name',
  WITH_QUOTA = 'with-quota',
  WITH_USERNAME = 'with-username',
+  WITH_ROLE = 'with-role',
 }

 const claims = [
@@ -34,6 +35,12 @@ const claims = [
    preferred_username: 'user-quota',
    immich_quota: 25,
  },
+  {
+    sub: OAuthUser.WITH_ROLE,
+    email: 'oauth-with-role@immich.app',
+    email_verified: true,
+    immich_role: 'admin',
+  },
 ];

 const withDefaultClaims = (sub: string) => ({
@@ -64,7 +71,15 @@ const setup = async () => {
    claims: {
      openid: ['sub'],
      email: ['email', 'email_verified'],
-      profile: ['name', 'given_name', 'family_name', 'preferred_username', 'immich_quota', 'immich_username'],
+      profile: [
+        'name',
+        'given_name',
+        'family_name',
+        'preferred_username',
+        'immich_quota',
+        'immich_username',
+        'immich_role',
+      ],
    },
    features: {
      jwtUserinfo: {