diff --git a/app/(dashboard)/oidc/page.tsx b/app/(dashboard)/oidc/page.tsx
index e91299a..4ea8956 100644
--- a/app/(dashboard)/oidc/page.tsx
+++ b/app/(dashboard)/oidc/page.tsx
@@ -39,6 +39,7 @@ function providerToFormValues(provider: OidcConfigProvider): OidcProviderFormVal
claim_prefix: provider.claim_prefix,
role_policy: provider.role_policy,
groups_claim: provider.groups_claim,
+ roles_claim: provider.roles_claim ?? "",
email_claim: provider.email_claim,
username_claim: provider.username_claim,
}
@@ -130,6 +131,7 @@ function buildSavePayload(values: OidcProviderFormValues): SaveOidcConfigPayload
claim_prefix: trimOrEmpty(values.claim_prefix),
role_policy: trimOrEmpty(values.role_policy),
groups_claim: trimOrEmpty(values.groups_claim),
+ roles_claim: trimOrEmpty(values.roles_claim),
email_claim: trimOrEmpty(values.email_claim),
username_claim: trimOrEmpty(values.username_claim),
}
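Review bot: `roles_claim: trimOrEmpty(values.roles_claim)` is sent on every save, including for providers loaded from a server that never returned the field (the type comment in `types/oidc.ts` says older servers omit it). Whether such a server ignores or rejects the extra key is not visible in this diff; if it rejects unknown keys, saving any existing provider would start failing. Because this value selects which token claim feeds role assignment, the accepted behaviour should be stated next to the line, e.g. `// "" = no roles claim; backend must accept the key and fall back to groups_claim only`. The body of `buildSavePayload` extends beyond this hunk, so any validation of the claim name before the payload is built cannot be checked from here.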
diff --git a/components/oidc/form.tsx b/components/oidc/form.tsx
index 25cfc0a..6475250 100644
--- a/components/oidc/form.tsx
+++ b/components/oidc/form.tsx
@@ -340,6 +340,22 @@ export function OidcForm({
+
+ {t("Roles Claim")}
+
+ onChange("roles_claim", event.target.value)}
+ placeholder="roles"
+ disabled={isReadOnly}
+ />
+
+
+ {t("Optional. Separate claim for role values (e.g. roles). Leave empty to use groups claim only.")}
+
+
+
{t("Email Claim")}
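Review bot: The help string for the new field says what an empty value does but not what a filled one does: it does not say whether values from this claim are combined with the groups claim, or whether `claim_prefix` and `role_policy` apply to them. This field decides which token claim grants roles, so an administrator needs that stated to avoid granting more than intended. Consider extending the text along the lines of `Values from this claim are mapped to roles in addition to the groups claim.`, adjusted to what the backend really does. The element tags are not visible in this view and the shown attributes are `onChange`, `placeholder` and `disabled`, so also confirm that the input is bound to `values.roles_claim` and that the label is associated with it.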
diff --git a/i18n/locales/ar-MA.json b/i18n/locales/ar-MA.json
index 2b59396..c480c19 100644
--- a/i18n/locales/ar-MA.json
+++ b/i18n/locales/ar-MA.json
@@ -1059,6 +1059,8 @@
"Failed to save OIDC provider": "فشل حفظ موفر OIDC",
"Failed to validate OIDC configuration": "فشل التحقق من إعدادات OIDC",
"Groups Claim": "مطالبة المجموعات",
+ "Roles Claim": "Roles Claim",
+ "Optional. Separate claim for role values (e.g. roles). Leave empty to use groups claim only.": "Optional. Separate claim for role values (e.g. roles). Leave empty to use groups claim only.",
"Issuer": "الجهة المصدّرة",
"Leave empty to keep current secret": "اتركه فارغًا للاحتفاظ بالسر الحالي",
"Loading...": "جارٍ التحميل...",
diff --git a/i18n/locales/de-DE.json b/i18n/locales/de-DE.json
index 0e42bc2..078a32b 100644
--- a/i18n/locales/de-DE.json
+++ b/i18n/locales/de-DE.json
@@ -1072,6 +1072,8 @@
"Failed to save OIDC provider": "OIDC-Anbieter konnte nicht gespeichert werden",
"Failed to validate OIDC configuration": "OIDC-Konfiguration konnte nicht validiert werden",
"Groups Claim": "Gruppen-Claim",
+ "Roles Claim": "Roles Claim",
+ "Optional. Separate claim for role values (e.g. roles). Leave empty to use groups claim only.": "Optional. Separate claim for role values (e.g. roles). Leave empty to use groups claim only.",
"Issuer": "Aussteller",
"Leave empty to keep current secret": "Leer lassen, um das aktuelle Secret beizubehalten",
"Loading...": "Wird geladen...",
diff --git a/i18n/locales/en-US.json b/i18n/locales/en-US.json
index 90806a3..aba4bd0 100644
--- a/i18n/locales/en-US.json
+++ b/i18n/locales/en-US.json
@@ -930,6 +930,8 @@
"Failed to save OIDC provider": "Failed to save OIDC provider",
"Failed to validate OIDC configuration": "Failed to validate OIDC configuration",
"Groups Claim": "Groups Claim",
+ "Roles Claim": "Roles Claim",
+ "Optional. Separate claim for role values (e.g. roles). Leave empty to use groups claim only.": "Optional. Separate claim for role values (e.g. roles). Leave empty to use groups claim only.",
"Issuer": "Issuer",
"Leave empty to keep current secret": "Leave empty to keep current secret",
"Loading...": "Loading...",
diff --git a/i18n/locales/es-ES.json b/i18n/locales/es-ES.json
index c5271d0..e4cd536 100644
--- a/i18n/locales/es-ES.json
+++ b/i18n/locales/es-ES.json
@@ -1081,6 +1081,8 @@
"Failed to save OIDC provider": "No se pudo guardar el proveedor OIDC",
"Failed to validate OIDC configuration": "No se pudo validar la configuración OIDC",
"Groups Claim": "Claim de grupos",
+ "Roles Claim": "Roles Claim",
+ "Optional. Separate claim for role values (e.g. roles). Leave empty to use groups claim only.": "Optional. Separate claim for role values (e.g. roles). Leave empty to use groups claim only.",
"Issuer": "Emisor",
"Leave empty to keep current secret": "Déjelo vacío para conservar el secreto actual",
"Loading...": "Cargando...",
diff --git a/i18n/locales/fr-FR.json b/i18n/locales/fr-FR.json
index c0a2f3b..b9e1ad3 100644
--- a/i18n/locales/fr-FR.json
+++ b/i18n/locales/fr-FR.json
@@ -1083,6 +1083,8 @@
"Failed to save OIDC provider": "Échec de l'enregistrement du fournisseur OIDC",
"Failed to validate OIDC configuration": "Échec de la validation de la configuration OIDC",
"Groups Claim": "Claim des groupes",
+ "Roles Claim": "Roles Claim",
+ "Optional. Separate claim for role values (e.g. roles). Leave empty to use groups claim only.": "Optional. Separate claim for role values (e.g. roles). Leave empty to use groups claim only.",
"Issuer": "Émetteur",
"Leave empty to keep current secret": "Laissez vide pour conserver le secret actuel",
"Loading...": "Chargement...",
diff --git a/i18n/locales/id-ID.json b/i18n/locales/id-ID.json
index 93a0c39..42f38a6 100644
--- a/i18n/locales/id-ID.json
+++ b/i18n/locales/id-ID.json
@@ -1081,6 +1081,8 @@
"Failed to save OIDC provider": "Gagal menyimpan penyedia OIDC",
"Failed to validate OIDC configuration": "Gagal memvalidasi konfigurasi OIDC",
"Groups Claim": "Claim Grup",
+ "Roles Claim": "Roles Claim",
+ "Optional. Separate claim for role values (e.g. roles). Leave empty to use groups claim only.": "Optional. Separate claim for role values (e.g. roles). Leave empty to use groups claim only.",
"Issuer": "Penerbit",
"Leave empty to keep current secret": "Biarkan kosong untuk mempertahankan secret saat ini",
"Loading...": "Memuat...",
diff --git a/i18n/locales/it-IT.json b/i18n/locales/it-IT.json
index a375de2..f98b620 100644
--- a/i18n/locales/it-IT.json
+++ b/i18n/locales/it-IT.json
@@ -1082,6 +1082,8 @@
"Failed to save OIDC provider": "Impossibile salvare il provider OIDC",
"Failed to validate OIDC configuration": "Impossibile validare la configurazione OIDC",
"Groups Claim": "Claim gruppi",
+ "Roles Claim": "Roles Claim",
+ "Optional. Separate claim for role values (e.g. roles). Leave empty to use groups claim only.": "Optional. Separate claim for role values (e.g. roles). Leave empty to use groups claim only.",
"Issuer": "Issuer",
"Leave empty to keep current secret": "Lascia vuoto per mantenere il segreto corrente",
"Loading...": "Caricamento...",
diff --git a/i18n/locales/ja-JP.json b/i18n/locales/ja-JP.json
index 4ee69a3..046ea93 100644
--- a/i18n/locales/ja-JP.json
+++ b/i18n/locales/ja-JP.json
@@ -1078,6 +1078,8 @@
"Failed to save OIDC provider": "OIDC プロバイダーの保存に失敗しました",
"Failed to validate OIDC configuration": "OIDC 設定の検証に失敗しました",
"Groups Claim": "グループクレーム",
+ "Roles Claim": "Roles Claim",
+ "Optional. Separate claim for role values (e.g. roles). Leave empty to use groups claim only.": "Optional. Separate claim for role values (e.g. roles). Leave empty to use groups claim only.",
"Issuer": "発行者",
"Leave empty to keep current secret": "現在のシークレットを維持するには空欄のままにしてください",
"Loading...": "読み込み中...",
diff --git a/i18n/locales/ko-KR.json b/i18n/locales/ko-KR.json
index 58a64b5..d713639 100644
--- a/i18n/locales/ko-KR.json
+++ b/i18n/locales/ko-KR.json
@@ -1078,6 +1078,8 @@
"Failed to save OIDC provider": "OIDC 공급자 저장에 실패했습니다",
"Failed to validate OIDC configuration": "OIDC 구성 검증에 실패했습니다",
"Groups Claim": "그룹 클레임",
+ "Roles Claim": "Roles Claim",
+ "Optional. Separate claim for role values (e.g. roles). Leave empty to use groups claim only.": "Optional. Separate claim for role values (e.g. roles). Leave empty to use groups claim only.",
"Issuer": "발급자",
"Leave empty to keep current secret": "현재 시크릿을 유지하려면 비워 두세요",
"Loading...": "불러오는 중...",
diff --git a/i18n/locales/pt-BR.json b/i18n/locales/pt-BR.json
index fb2c195..86004d1 100644
--- a/i18n/locales/pt-BR.json
+++ b/i18n/locales/pt-BR.json
@@ -1082,6 +1082,8 @@
"Failed to save OIDC provider": "Falha ao salvar provedor OIDC",
"Failed to validate OIDC configuration": "Falha ao validar a configuração OIDC",
"Groups Claim": "Claim de grupos",
+ "Roles Claim": "Roles Claim",
+ "Optional. Separate claim for role values (e.g. roles). Leave empty to use groups claim only.": "Optional. Separate claim for role values (e.g. roles). Leave empty to use groups claim only.",
"Issuer": "Emissor",
"Leave empty to keep current secret": "Deixe em branco para manter o segredo atual",
"Loading...": "Carregando...",
diff --git a/i18n/locales/ru-RU.json b/i18n/locales/ru-RU.json
index f72ab06..adbc03b 100644
--- a/i18n/locales/ru-RU.json
+++ b/i18n/locales/ru-RU.json
@@ -1083,6 +1083,8 @@
"Failed to save OIDC provider": "Не удалось сохранить OIDC-провайдера",
"Failed to validate OIDC configuration": "Не удалось проверить конфигурацию OIDC",
"Groups Claim": "Claim групп",
+ "Roles Claim": "Roles Claim",
+ "Optional. Separate claim for role values (e.g. roles). Leave empty to use groups claim only.": "Optional. Separate claim for role values (e.g. roles). Leave empty to use groups claim only.",
"Issuer": "Издатель",
"Leave empty to keep current secret": "Оставьте пустым, чтобы сохранить текущий секрет",
"Loading...": "Загрузка...",
diff --git a/i18n/locales/tr-TR.json b/i18n/locales/tr-TR.json
index c82d195..3739352 100644
--- a/i18n/locales/tr-TR.json
+++ b/i18n/locales/tr-TR.json
@@ -1074,6 +1074,8 @@
"Failed to save OIDC provider": "OIDC sağlayıcısı kaydedilemedi",
"Failed to validate OIDC configuration": "OIDC yapılandırması doğrulanamadı",
"Groups Claim": "Gruplar Claim",
+ "Roles Claim": "Roles Claim",
+ "Optional. Separate claim for role values (e.g. roles). Leave empty to use groups claim only.": "Optional. Separate claim for role values (e.g. roles). Leave empty to use groups claim only.",
"Issuer": "Yayıncı",
"Leave empty to keep current secret": "Geçerli sırrı korumak için boş bırakın",
"Loading...": "Yükleniyor...",
diff --git a/i18n/locales/vi-VN.json b/i18n/locales/vi-VN.json
index ecc4a75..be18516 100644
--- a/i18n/locales/vi-VN.json
+++ b/i18n/locales/vi-VN.json
@@ -1059,6 +1059,8 @@
"Failed to save OIDC provider": "Lưu nhà cung cấp OIDC thất bại",
"Failed to validate OIDC configuration": "Xác thực cấu hình OIDC thất bại",
"Groups Claim": "Claim nhóm",
+ "Roles Claim": "Roles Claim",
+ "Optional. Separate claim for role values (e.g. roles). Leave empty to use groups claim only.": "Optional. Separate claim for role values (e.g. roles). Leave empty to use groups claim only.",
"Issuer": "Nhà phát hành",
"Leave empty to keep current secret": "Để trống để giữ secret hiện tại",
"Loading...": "Đang tải...",
diff --git a/i18n/locales/zh-CN.json b/i18n/locales/zh-CN.json
index fe77611..0a86fab 100644
--- a/i18n/locales/zh-CN.json
+++ b/i18n/locales/zh-CN.json
@@ -937,6 +937,8 @@
"Failed to save OIDC provider": "保存 OIDC provider 失败",
"Failed to validate OIDC configuration": "OIDC 配置校验失败",
"Groups Claim": "分组声明",
+ "Roles Claim": "角色声明",
+ "Optional. Separate claim for role values (e.g. roles). Leave empty to use groups claim only.": "可选。角色值的独立声明名(例如 roles)。留空则仅使用分组声明。",
"Issuer": "签发者",
"Leave empty to keep current secret": "留空表示保留当前密钥",
"Loading...": "加载中...",
diff --git a/types/oidc.ts b/types/oidc.ts
index 77c6204..9e85d5f 100644
--- a/types/oidc.ts
+++ b/types/oidc.ts
@@ -16,6 +16,8 @@ export interface OidcConfigProvider {
claim_prefix: string
role_policy: string
groups_claim: string
+ /** Secondary claim for role values (e.g. Entra `roles`). Omitted by older servers. */
+ roles_claim?: string
email_claim: string
username_claim: string
}
@@ -38,6 +40,7 @@ export interface SaveOidcConfigPayload {
claim_prefix: string
role_policy: string
groups_claim: string
+ roles_claim: string
email_claim: string
username_claim: string
}
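Review bot: The `roles_claim: string` added to `SaveOidcConfigPayload` has no comment, although the same field on `OidcConfigProvider` has one and the empty string carries meaning here. The same applies to the additions in `OidcProviderFormValues` and `DEFAULT_OIDC_FORM_VALUES` in the next two hunks. Going by the form help text, a comment such as `/** Claim name read for role values; "" means unset, so only groups_claim is used. */` would record the contract where the payload is defined. It would also make clear that the field is required on write but optional on read, which looks intentional.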
@@ -86,6 +89,7 @@ export interface OidcProviderFormValues {
claim_prefix: string
role_policy: string
groups_claim: string
+ roles_claim: string
email_claim: string
username_claim: string
}
@@ -106,6 +110,7 @@ export const DEFAULT_OIDC_FORM_VALUES: OidcProviderFormValues = {
claim_prefix: "",
role_policy: "",
groups_claim: "groups",
+ roles_claim: "",
email_claim: "email",
username_claim: "preferred_username",
}