Re: partially-applied: [PATCH many v5 0/8] fix #5076: add support for open id audiences

["Shannon Sterz" <s.sterz@proxmox.com>]

On Thu May 7, 2026 at 11:35 AM CEST, Fabian Grünbichler wrote:
> thanks for pulling this across the finish line!
>
> On April 23, 2026 3:35 pm, Shannon Sterz wrote:
>> [..]
>
>> proxmox:
>>
>> Shannon Sterz (2):
>>   fix #5076: openid: add logic to handle OIDC audiences
>>   fix #5076: pbs-api-types: add audiences to open id realm config
>>
>>  pbs-api-types/src/openid.rs | 26 ++++++++++++++++++++++++++
>>  proxmox-openid/src/lib.rs   | 21 +++++++++++++++++++--
>>  2 files changed, 45 insertions(+), 2 deletions(-)
>
> applied and bumped these two
>
>> access-control:
>>
>> Shannon Sterz (1):
>>   fix #5076: auth: open id: add an optional "audiences" field
>>
>>  src/PVE/API2/OpenId.pm | 4 ++++
>>  src/PVE/Auth/OpenId.pm | 9 +++++++++
>>  2 files changed, 13 insertions(+)
>
> not applied yet: waiting for a pve-rs bump to pick up the proxmox-openid
> changes
>
> do we need similar changes in pmg-api before the next pmg-rs bump?

yep send to more patches in response to handle this on the pmg side.

>> manager:
>>
>> Shannon Sterz (1):
>>   fix #5076: ui: dc: add an optional "audiences" field for open id
>>     realms
>>
>>  www/manager6/dc/AuthEditOpenId.js | 9 +++++++++
>>  1 file changed, 9 insertions(+)
>
> not applied yet: needs to wait for pve-access-control, since it's the UI
> enablement for the backend change
>
>> yew-comp:
>>
>> Shannon Sterz (1):
>>   fix #5076: auth edit openid: add advanced  "audiences" field
>>
>>  src/auth_edit_openid.rs | 2 ++
>>  1 file changed, 2 insertions(+)
>
> applied, but not bumped
>
> once it is bumped, PDM will pick up the UI side of changes when it is
> next rebuilt/bumped
>
>> datacenter-manager:
>>
>> Shannon Sterz (1):
>>   fix #5076: api-types/api: support audiences property for open id
>>     realms
>>
>>  lib/pdm-api-types/src/openid.rs        | 30 +++++++++++++++++++++++++-
>>  server/src/api/access/openid.rs        |  8 +++++++
>>  server/src/api/config/access/openid.rs |  8 +++++++
>>  3 files changed, 45 insertions(+), 1 deletion(-)
>
> applied with version bump of proxmox-openid, but not bumped PDM itself
>
>> backup:
>>
>> Shannon Sterz (1):
>>   fix #5076: api: support audiences property for open id realms
>>
>>  src/api2/access/openid.rs        | 8 ++++++++
>>  src/api2/config/access/openid.rs | 8 ++++++++
>>  2 files changed, 16 insertions(+)
>
> applied with version bump of proxmox-openid and pbs-api-types, but not
> bumped PBS itself
>
>> widget-toolkit:
>>
>> Shannon Sterz (1):
>>   fix #5076: ui: dc: add an optional "audiences" field for open id
>>     realms
>>
>>  src/window/AuthEditOpenId.js | 9 +++++++++
>>  1 file changed, 9 insertions(+)
>
> not applied yet, needs to wait for the next PBS bump and then get breaks
> on old PBS, dependency from new PBS I guess?
>

not sure how we usually prevent version mismatches here. but yes ideally
only newer versions of pbs would get the updated widget toolkit version.
to it's not really a breaking change as long as users don't try to use
the audiences field (which will fail with an error that the api does not
support that parameter).

>> Summary over all repositories:
>>   12 files changed, 139 insertions(+), 3 deletions(-)
>>
>> --
>> Generated by murpp 0.10.0
>>
>>
>>
>>
>>