
[0.5.0][Stretch] OIDC claim to role/principal mapping #312

Description

@erichare

Stretch goal (pull in if the quarter allows) — highest leverage for the RLAC flagship.

Goal

Make RLAC usable without manual principal setup by mapping identity claims to roles/principals.

Scope

  • Map OIDC groups/claims → workspace roles + RLAC principals; reserved groups attribute on ResolvedPrincipal. Optional SCIM provisioning.

Key files

runtimes/typescript/src/auth/oidc/*, runtimes/typescript/src/auth/principal-resolver.ts

Depends on: RLAC P2
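One way the claim-to-role mapping in the Scope item could fail closed, as an added example that is not code from this repository. The `ResolvedPrincipal` fields, the `ClaimMapping` shape, the role names, the issuer URL and `resolvePrincipal` are all assumptions made for illustration.

```typescript
// Added example. Role names, field names and the config shape are assumptions.
type Role = "viewer" | "editor" | "admin";

interface ResolvedPrincipal {
  subject: string;  // issuer-qualified, so equal `sub` values from two IdPs never collide
  roles: Role[];    // workspace roles granted by explicit mapping only
  groups: string[]; // validated group names, available to RLAC policy checks
}

interface ClaimMapping {
  issuer: string;                    // the only issuer this mapping applies to
  groupsClaim: string;               // claim that carries group membership
  roleByGroup: Record<string, Role>; // exact-match allow-list, no wildcards
  maxGroups: number;                 // upper bound on accepted claim size
}

// Constructed sample configuration.
const EXAMPLE_MAPPING: ClaimMapping = {
  issuer: "https://idp.example.test",
  groupsClaim: "groups",
  roleByGroup: { "wb-admins": "admin", "wb-editors": "editor", "wb-viewers": "viewer" },
  maxGroups: 200,
};

// `claims` must come from an ID token whose signature, audience and expiry
// were already verified; this function only decides authorization.
function resolvePrincipal(claims: Record<string, unknown>, cfg: ClaimMapping): ResolvedPrincipal | null {
  const sub = claims["sub"];
  if (claims["iss"] !== cfg.issuer || typeof sub !== "string" || sub === "") return null;

  const raw = claims[cfg.groupsClaim];
  // Some IdPs send one group as a bare string; any other malformed value means "no groups".
  const list: unknown[] = typeof raw === "string" ? [raw] : Array.isArray(raw) ? raw : [];
  if (list.length > cfg.maxGroups) return null; // fail closed instead of truncating

  const groups: string[] = [];
  const roles: Role[] = [];
  for (const g of list) {
    if (typeof g !== "string" || g === "" || groups.indexOf(g) !== -1) continue;
    groups.push(g);
    // Own-property check: a group called "constructor" must not hit Object.prototype.
    if (!Object.prototype.hasOwnProperty.call(cfg.roleByGroup, g)) continue;
    const role = cfg.roleByGroup[g];
    if (role !== undefined && roles.indexOf(role) === -1) roles.push(role);
  }
  // Unmapped groups grant no role: a verified identity with no match gets roles = [].
  return { subject: `${cfg.issuer}|${sub}`, roles, groups };
}
```

Group names are matched exactly and case-sensitively, so `WB-Admins` does not map to `admin` unless it is listed.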


Labels

  • 0.5.0: AI Workbench 0.5.0 — Enterprise Access Control release
  • epic:rlac: Feature ①: RLAC enforcement (flagship)
  • security: Security hardening or vulnerability
  • stretch: Stretch goal — pull in if the quarter allows
