Documentation: add org info req, remove redirect caveat
The redirect caveat is being removed to avoid user confusion and is not important outside of testing.
This commit is contained in:
parent
7e580ec2b2
commit
7079bb5316
1 changed files with 4 additions and 5 deletions
|
@ -8,8 +8,7 @@ When a client redeems a refresh token through dex, dex will re-query GitHub to u
|
||||||
|
|
||||||
## Caveats
|
## Caveats
|
||||||
|
|
||||||
* The GitHub API calls dex uses requires a user to have their organization membership visibility set to public. This can be done on the ["request access from org" page][github-request-org-access] which GitHub will skip if the client app is an existing authorized application. The current workaround is as follows: the user should log into their GitHub account, go to Settings -> Authorized OAuth Apps, click 'Revoke' to revoke the application's grant, and restart the dex login process. This will force the "request access from org" page to be shown, allowing the user to request that the organization owner make their membership public.
|
* A user must explicitly [request][github-request-org-access] an [organization][github-orgs] give dex [resource access][github-approve-org-access]. Dex will not have the correct permissions to determine if the user is in that organization otherwise, and the user will not be able to log in. This request mechanism is a feature of the GitHub API.
|
||||||
* Note: GitHub [organizations][github-orgs] are different from GitHub [teams][github-teams]
|
|
||||||
|
|
||||||
## Configuration
|
## Configuration
|
||||||
|
|
||||||
|
@ -50,7 +49,7 @@ connectors:
|
||||||
- name: my-organization-with-teams
|
- name: my-organization-with-teams
|
||||||
# A white list of teams. Only include group claims for these teams.
|
# A white list of teams. Only include group claims for these teams.
|
||||||
teams:
|
teams:
|
||||||
- read-team
|
- red-team
|
||||||
- blue-team
|
- blue-team
|
||||||
```
|
```
|
||||||
|
|
||||||
|
@ -93,7 +92,7 @@ connectors:
|
||||||
- name: my-organization-with-teams
|
- name: my-organization-with-teams
|
||||||
# A white list of teams. Only include group claims for these teams.
|
# A white list of teams. Only include group claims for these teams.
|
||||||
teams:
|
teams:
|
||||||
- read-team
|
- red-team
|
||||||
- blue-team
|
- blue-team
|
||||||
# Required ONLY for GitHub Enterprise.
|
# Required ONLY for GitHub Enterprise.
|
||||||
# This is the Hostname of the GitHub Enterprise account listed on the
|
# This is the Hostname of the GitHub Enterprise account listed on the
|
||||||
|
@ -106,5 +105,5 @@ connectors:
|
||||||
|
|
||||||
[github-oauth2]: https://github.com/settings/applications/new
|
[github-oauth2]: https://github.com/settings/applications/new
|
||||||
[github-orgs]: https://developer.github.com/v3/orgs/
|
[github-orgs]: https://developer.github.com/v3/orgs/
|
||||||
[github-teams]: https://developer.github.com/v3/orgs/teams/
|
|
||||||
[github-request-org-access]: https://help.github.com/articles/requesting-organization-approval-for-oauth-apps/
|
[github-request-org-access]: https://help.github.com/articles/requesting-organization-approval-for-oauth-apps/
|
||||||
|
[github-approve-org-access]: https://help.github.com/articles/approving-oauth-apps-for-your-organization/
|
||||||
|
|
Reference in a new issue