Discourse/discourse
Discourse/discourse
2
0
Fork 0
mirror of https://github.com/discourse/discourse.git synced 2025-09-08 12:06:51 +08:00
Code Packages Activity Actions 1

Use service account credentials for fetching google hd groups (#18329)

Browse source 
The previous implementation would attempt to fetch groups using the end-user's Google auth token. This only worked for admin accounts, or users with 'delegated' access to the `admin.directory.group.readonly` API.

This commit changes the approach to use a single 'service account' for fetching the groups. This removes the need to add permissions to all regular user accounts. I'll be updating the [meta docs](https://meta.discourse.org/t/226850) with instructions on setting up the service account.

This is technically a breaking change in behavior, but the existing implementation was marked experimental, and is currently unusable in production google workspace environments.
This commit is contained in:
David Taylor 2022-10-13 16:04:42 +01:00 committed by GitHub
parent 45f93ae75d
commit e0a6d12c55
No known key found for this signature in database
GPG key ID: 4AEE18F83AFDEB23
10 changed files with 196 additions and 199 deletions
Download patch file Download diff file Expand all files Collapse all files

1
lib/auth.rb
View file

@ -6,7 +6,6 @@ require 'auth/auth_provider'
require 'auth/result'
require 'auth/authenticator'
require 'auth/managed_authenticator'
require 'auth/omniauth_strategies/discourse_google_oauth2'
require 'auth/facebook_authenticator'
require 'auth/github_authenticator'
require 'auth/twitter_authenticator'