Teaching an old RT::Authen::OAuth2 new tricks

I’ve recently updated our site to use SSO with Authentik.

Current RT::Authen::OAuth2 worked, but it was a bit limited. So I’ve added a few new features, for example:

  • Manage RT’s groups if the Identity Provider supports groups.
  • Set static groups for newly created users if groups are not supported.
  • Supports different settings for different groups (or no groups).
  • Option to require users to be in specified groups to be able to log in.
  • Option to remove user’s existing RT password after a successful OAuth login (So login is only then possible via OAuth, not with username/password.
  • Less awkward config changing from defaults.
  • Other improvements

Would appreciate some feedback/testing.

Rob

2 Likes