feat: add User ID Claim field to OIDC admin config UI

New input in the Claim Mapping section lets admins configure which id_token claim is used as the unique user identifier (default: sub). Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
2026-04-06 10:19:38 +02:00
parent a96cf2afed
commit 0c77f8d594
2 changed files with 12 additions and 0 deletions
--- a/ui/src/api/schema.d.ts
+++ b/ui/src/api/schema.d.ts
@@ -1444,6 +1444,7 @@ export interface components {
            defaultRoles?: string[];
            autoSignup?: boolean;
            displayNameClaim?: string;
+            userIdClaim?: string;
        };
        /** @description Error response */
        ErrorResponse: {
@@ -1460,6 +1461,7 @@ export interface components {
            defaultRoles?: string[];
            autoSignup?: boolean;
            displayNameClaim?: string;
+            userIdClaim?: string;
        };
        UpdateGroupRequest: {
            name?: string;
--- a/ui/src/pages/Admin/OidcConfigPage.tsx
+++ b/ui/src/pages/Admin/OidcConfigPage.tsx
@@ -14,6 +14,7 @@ interface OidcFormData {
  clientSecret: string;
  rolesClaim: string;
  displayNameClaim: string;
+  userIdClaim: string;
  defaultRoles: string[];
 }

@@ -25,6 +26,7 @@ const EMPTY_CONFIG: OidcFormData = {
  clientSecret: '',
  rolesClaim: 'roles',
  displayNameClaim: 'name',
+  userIdClaim: 'sub',
  defaultRoles: ['VIEWER'],
 };

@@ -47,6 +49,7 @@ export default function OidcConfigPage() {
        clientSecret: data.clientSecret ?? '',
        rolesClaim: data.rolesClaim ?? 'roles',
        displayNameClaim: data.displayNameClaim ?? 'name',
+        userIdClaim: data.userIdClaim ?? 'sub',
        defaultRoles: data.defaultRoles ?? ['VIEWER'],
      }))
      .catch(() => setForm(EMPTY_CONFIG));
@@ -184,6 +187,13 @@ export default function OidcConfigPage() {
            onChange={(e) => update('rolesClaim', e.target.value)}
          />
        </FormField>
+        <FormField label="User ID Claim" htmlFor="userid-claim" hint="Claim used as unique user identifier (default: sub)">
+          <Input
+            id="userid-claim"
+            value={form.userIdClaim}
+            onChange={(e) => update('userIdClaim', e.target.value)}
+          />
+        </FormField>
        <FormField label="Display Name Claim" htmlFor="name-claim" hint="Claim used for user display name">
          <Input
            id="name-claim"