From mboxrd@z Thu Jan  1 00:00:00 1970
Return-Path: <pve-devel-bounces@lists.proxmox.com>
Received: from firstgate.proxmox.com (firstgate.proxmox.com [IPv6:2a01:7e0:0:424::9])
	by lore.proxmox.com (Postfix) with ESMTPS id B56CD1FF13F
	for <inbox@lore.proxmox.com>; Thu, 07 May 2026 11:35:19 +0200 (CEST)
Received: from firstgate.proxmox.com (localhost [127.0.0.1])
	by firstgate.proxmox.com (Proxmox) with ESMTP id 5871B11B52;
	Thu,  7 May 2026 11:35:17 +0200 (CEST)
Date: Thu, 07 May 2026 11:35:05 +0200
From: Fabian =?iso-8859-1?q?Gr=FCnbichler?= <f.gruenbichler@proxmox.com>
Subject: partially-applied: [PATCH many v5 0/8] fix #5076: add support for
 open id audiences
To: pve-devel@lists.proxmox.com, Shannon Sterz <s.sterz@proxmox.com>
References: <20260423133548.349086-1-s.sterz@proxmox.com>
In-Reply-To: <20260423133548.349086-1-s.sterz@proxmox.com>
MIME-Version: 1.0
User-Agent: astroid/0.17.0 (https://github.com/astroidmail/astroid)
Message-Id: <1778145240.kn3w35ba98.astroid@yuna.none>
Content-Type: text/plain; charset=utf-8
Content-Transfer-Encoding: quoted-printable
X-Bm-Milter-Handled: 55990f41-d878-4baa-be0a-ee34c49e34d2
X-Bm-Transport-Timestamp: 1778146400223
X-SPAM-LEVEL: Spam detection results:  0
	AWL                     0.054 Adjusted score from AWL reputation of From:
 address
	BAYES_00                 -1.9 Bayes spam probability is 0 to 1%
	DMARC_MISSING             0.1 Missing DMARC policy
	KAM_DMARC_STATUS         0.01 Test Rule for DKIM or SPF Failure with Strict
 Alignment
	SPF_HELO_NONE           0.001 SPF: HELO does not publish an SPF Record
	SPF_PASS               -0.001 SPF: sender matches SPF record
	URIBL_BLOCKED           0.001 ADMINISTRATOR NOTICE: The query to URIBL was
 blocked.  See http://wiki.apache.org/spamassassin/DnsBlocklists#dnsbl-block
 for more information. [lib.rs]
Message-ID-Hash: 2MZPM42CWXYTQPCYP4ZMA5YXD35V3OX6
X-Message-ID-Hash: 2MZPM42CWXYTQPCYP4ZMA5YXD35V3OX6
X-MailFrom: f.gruenbichler@proxmox.com
X-Mailman-Rule-Misses: dmarc-mitigation; no-senders; approved; loop;
 banned-address; emergency; member-moderation; nonmember-moderation;
 administrivia; implicit-dest; max-recipients; max-size; news-moderation;
 no-subject; digests; suspicious-header
X-Mailman-Version: 3.3.10
Precedence: list
List-Id: Proxmox VE development discussion <pve-devel.lists.proxmox.com>
List-Help: <mailto:pve-devel-request@lists.proxmox.com?subject=help>
List-Owner: <mailto:pve-devel-owner@lists.proxmox.com>
List-Post: <mailto:pve-devel@lists.proxmox.com>
List-Subscribe: <mailto:pve-devel-join@lists.proxmox.com>
List-Unsubscribe: <mailto:pve-devel-leave@lists.proxmox.com>

thanks for pulling this across the finish line!

On April 23, 2026 3:35 pm, Shannon Sterz wrote:
> [..]

> proxmox:
>=20
> Shannon Sterz (2):
>   fix #5076: openid: add logic to handle OIDC audiences
>   fix #5076: pbs-api-types: add audiences to open id realm config
>=20
>  pbs-api-types/src/openid.rs | 26 ++++++++++++++++++++++++++
>  proxmox-openid/src/lib.rs   | 21 +++++++++++++++++++--
>  2 files changed, 45 insertions(+), 2 deletions(-)

applied and bumped these two

> access-control:
>=20
> Shannon Sterz (1):
>   fix #5076: auth: open id: add an optional "audiences" field
>=20
>  src/PVE/API2/OpenId.pm | 4 ++++
>  src/PVE/Auth/OpenId.pm | 9 +++++++++
>  2 files changed, 13 insertions(+)

not applied yet: waiting for a pve-rs bump to pick up the proxmox-openid
changes

do we need similar changes in pmg-api before the next pmg-rs bump?

> manager:
>=20
> Shannon Sterz (1):
>   fix #5076: ui: dc: add an optional "audiences" field for open id
>     realms
>=20
>  www/manager6/dc/AuthEditOpenId.js | 9 +++++++++
>  1 file changed, 9 insertions(+)

not applied yet: needs to wait for pve-access-control, since it's the UI
enablement for the backend change

> yew-comp:
>=20
> Shannon Sterz (1):
>   fix #5076: auth edit openid: add advanced  "audiences" field
>=20
>  src/auth_edit_openid.rs | 2 ++
>  1 file changed, 2 insertions(+)

applied, but not bumped

once it is bumped, PDM will pick up the UI side of changes when it is
next rebuilt/bumped

> datacenter-manager:
>=20
> Shannon Sterz (1):
>   fix #5076: api-types/api: support audiences property for open id
>     realms
>=20
>  lib/pdm-api-types/src/openid.rs        | 30 +++++++++++++++++++++++++-
>  server/src/api/access/openid.rs        |  8 +++++++
>  server/src/api/config/access/openid.rs |  8 +++++++
>  3 files changed, 45 insertions(+), 1 deletion(-)

applied with version bump of proxmox-openid, but not bumped PDM itself

> backup:
>=20
> Shannon Sterz (1):
>   fix #5076: api: support audiences property for open id realms
>=20
>  src/api2/access/openid.rs        | 8 ++++++++
>  src/api2/config/access/openid.rs | 8 ++++++++
>  2 files changed, 16 insertions(+)

applied with version bump of proxmox-openid and pbs-api-types, but not
bumped PBS itself

> widget-toolkit:
>=20
> Shannon Sterz (1):
>   fix #5076: ui: dc: add an optional "audiences" field for open id
>     realms
>=20
>  src/window/AuthEditOpenId.js | 9 +++++++++
>  1 file changed, 9 insertions(+)

not applied yet, needs to wait for the next PBS bump and then get breaks
on old PBS, dependency from new PBS I guess?

> Summary over all repositories:
>   12 files changed, 139 insertions(+), 3 deletions(-)
>=20
> --=20
> Generated by murpp 0.10.0
>=20
>=20
>=20
>=20
>=20