I have SSO set up (externally) through a JWT provider. My application uses a role based system for authentication and I’d like to translate this to discourse as well.
I believe using groups does this well. I can set up appropriate groups (manually if required / through the API), for this to work. However I don’t want to manually add users to a group.
- If the groups are handled through the session cookie, can I have a field in my JWT (jwt-omniauth sso) to give the appropriate groups to the users?
- Or will calling an API to add them to the group be the way to go?