From 65dbf41a014928c03be2a28a2ef97c5c014b7bae Mon Sep 17 00:00:00 2001 From: Kamal Galrani Date: Wed, 25 Oct 2023 13:55:21 +0200 Subject: [PATCH] Disable azuread roles sync --- pkg/login/social/azuread_oauth.go | 10 +++++----- 1 file changed, 5 insertions(+), 5 deletions(-) diff --git a/pkg/login/social/azuread_oauth.go b/pkg/login/social/azuread_oauth.go index 9ce173b65f..3f000411db 100644 --- a/pkg/login/social/azuread_oauth.go +++ b/pkg/login/social/azuread_oauth.go @@ -69,8 +69,8 @@ func (s *SocialAzureAD) UserInfo(client *http.Client, token *oauth2.Token) (*Bas return nil, errors.New("error getting user info: no email found in access token") } - role := extractRole(claims, s.autoAssignOrgRole) - logger.Debug("AzureAD OAuth: extracted role", "email", email, "role", role) + /* role := extractRole(claims, s.autoAssignOrgRole) + logger.Debug("AzureAD OAuth: extracted role", "email", email, "role", role) */ groups, err := extractGroups(client, claims, token) if err != nil { @@ -87,7 +87,7 @@ func (s *SocialAzureAD) UserInfo(client *http.Client, token *oauth2.Token) (*Bas Name: claims.Name, Email: email, Login: email, - Role: string(role), + Role: "", /* string(role), */ Groups: groups, }, nil } @@ -117,7 +117,7 @@ func extractEmail(claims azureClaims) string { return claims.Email } - +/* func extractRole(claims azureClaims, autoAssignRole string) models.RoleType { if len(claims.Roles) == 0 { return models.RoleType(autoAssignRole) @@ -146,7 +146,7 @@ func hasRole(roles []string, role models.RoleType) bool { } return false } - +*/ type getAzureGroupRequest struct { SecurityEnabledOnly bool `json:"securityEnabledOnly"` }