From: Stoiko Ivanov <s.ivanov@proxmox.com>
To: Shannon Sterz <s.sterz@proxmox.com>
Cc: pmg-devel@lists.proxmox.com
Subject: partially-applied: [PATCH many v6 0/3] fix #5076: add support for open id audiences
Date: Tue, 9 Jun 2026 15:17:09 +0200
Message-ID: <20260609151709.082e0004@rosa.proxmox.com>
In-Reply-To: <20260609122214.271422-1-s.sterz@proxmox.com>

Thanks for tackling this and the quick iteration!

I applied the patch for pmg-api (2/3) and for pmg-gui (3/3):

[2/3] fix #5076: auth: openid: add support for an optional "audiences" field
      commit: 7b72b62dfbb68e36133b1eac50d37579fe011e67
[3/3] fix #5076: auth edit open id: add an optional audiences field
      commit: c13eadb0814dc95894ce79ada90961d7f1cbbe2b

On Tue, 9 Jun 2026 14:22:11 +0200
Shannon Sterz <s.sterz@proxmox.com> wrote:
> this series adapts the original patch series by Alexander Abraham [1]. below is
> the text of the original cover letter:
>
> > fix #5076: Added Open ID audiences
> >
> > This series adds support for handling Open ID audiences as described in bug
> > #5076. PVE's API schema was updated to accept an optional field, an array of
> > strings and the Rust code was also updated to accordingly handle any incoming
> > audiences and compare them to the realm config's audiences. In the realm
> > dialogue for adding an Open ID realm, a new field titled "Audiences" was added
> > so that users can save any audiences in their realm domains config file.
>
> essentially, some open id providers such as zitadel [2] may provide additional
> audiences that their id tokens are valid for instead of just the client id.
> these patches allow setting such additional audiences. if an audience that is
> not explicitly allowed is encountered, the id token is rejected as before.
>
> Changelog
> ---------
>
> changes since v5:
>
> * fix up an issue affecting the pmg patches regarding a false variable name
>   (thanks @ Stoiko Ivanov)
> * drop patches that have already been applied
>
> changes since v4:
>
> * add patches to support audiences in proxmox-backup and
>   proxmox-datacenter-manager as well
> * instead of the api type and configs taking an array, it will now take a string
>   that is a list of audiences. this is more consistent with other parameters
>   here.
> * rebased on current master.
>
> changes since v3:
>
> * rebased on current master
> * see the list of changes made by Shannon Sterz specified in each commit message
>
> [1]: https://lore.proxmox.com/pve-devel/20250603091256.40923-1-a.abraham@proxmox.com/
> [2]: https://zitadel.com/
>
>
> widget-toolkit:
>
> Shannon Sterz (1):
> fix #5076: ui: dc: add an optional "audiences" field for open id
> realms
>
> src/window/AuthEditOpenId.js | 9 +++++++++
> 1 file changed, 9 insertions(+)
>
>
> pmg-api:
>
> Shannon Sterz (1):
> fix #5076: auth: openid: add support for an optional "audiences" field
>
> src/PMG/API2/OIDC.pm | 4 ++++
> src/PMG/Auth/OIDC.pm | 9 +++++++++
> 2 files changed, 13 insertions(+)
>
>
> pmg-api:
>
> Shannon Sterz (1):
> fix #5076: auth edit open id: add an optional audiences field
>
> js/AuthEditOIDC.js | 9 +++++++++
> 1 file changed, 9 insertions(+)
>
>
> Summary over all repositories:
> 4 files changed, 31 insertions(+), 0 deletions(-)
>
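
The audience check described in the quoted cover letter, following the ID token validation rule in OpenID Connect Core, as an added example in Rust; it is not code from this patch series. The function names, the list separators and the sample values are assumptions.

```rust
use std::collections::HashSet;

/// Why an ID token's `aud` claim was refused.
#[derive(Debug, PartialEq)]
pub enum AudError {
    /// The token does not list our own client id at all.
    ClientIdMissing,
    /// The token lists an audience the realm does not trust.
    Untrusted(String),
}

/// Split the realm's "audiences" setting into individual entries.
/// Assumption: entries are separated by commas, semicolons or whitespace.
pub fn parse_audiences(setting: &str) -> HashSet<String> {
    setting
        .split(|c: char| c == ',' || c == ';' || c.is_whitespace())
        .filter(|s| !s.is_empty())
        .map(str::to_owned)
        .collect()
}

/// Check the audiences of an ID token whose signature was already verified.
/// `token_aud` is the `aud` claim normalised to a list (a single string
/// value becomes a one-element list).
pub fn check_audiences(
    client_id: &str,
    extra: &HashSet<String>,
    token_aud: &[&str],
) -> Result<(), AudError> {
    // The client itself must always be among the audiences.
    if !token_aud.contains(&client_id) {
        return Err(AudError::ClientIdMissing);
    }
    // Every other audience must be explicitly allowed by the realm config.
    for aud in token_aud {
        if *aud != client_id && !extra.contains(*aud) {
            return Err(AudError::Untrusted(aud.to_string()));
        }
    }
    Ok(())
}

fn main() {
    // Constructed sample values, not taken from any real provider.
    let extra = parse_audiences("project-1234, api.example.test");
    println!("{:?}", check_audiences("pmg-client", &extra, &["pmg-client", "project-1234"]));
    println!("{:?}", check_audiences("pmg-client", &extra, &["pmg-client", "other-app"]));
}
```

With an empty audiences setting the check reduces to the previous behaviour: only a token whose sole audience is the client id passes.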