Hi everyone,
I'm happy to share OIDC Groups Mapping, a Nextcloud app that extends user_oidc to map multiple token claims to Nextcloud groups via configurable rules.
The problem it solves:
With user_oidc alone, you can map a single claim (mappingGroups) to groups. But many organizations need to derive groups from several claims at once - departments, roles, organization units, user types, etc. This app fills that gap.
Features:
- 5 rule types - direct, prefix, map, conditional, template - covering most mapping scenarios
- Dot-notation claim paths - access any nested field in the JWT token
- Additive or replace mode - merge with existing groups or fully override them
- Vue admin UI - visual rule editor with drag-and-drop reorder, JSON editor, and a simulator to preview results against a sample token
- OCC commands - list, set, and test rules from the CLI
- REST API - manage rules programmatically via OCS endpoints
- No database - rules are stored in app config, zero migrations
Quick example:
Given a token like:
{
  "department": "Engineering",
  "roles": ["admin", "editor"],
  "organization": "corp.example.com",
  "userType": "INTERNAL"
}
You can configure rules to produce groups like Engineering, role_admin, role_editor, Staff, Internal-Users - all from a single login event.
Requirements: Nextcloud 29–32, PHP 8.1+, user_oidc app installed.
Install: Search for "OIDC Groups Mapping" in Administration → Apps, or run:
php occ app:install oidc_groups_mapping
- App Store: OIDC Groups Mapping - Apps - App Store - Nextcloud
- GitHub: GitHub - strobelpierre/nextcloud_oidc_groups_mapping: Enterprise OIDC group mapping for Nextcloud - maps multiple JWT claims to groups via 5 configurable rule types. TDD, CI/CD, production-ready. · GitHub
- Documentation: Home · strobelpierre/nextcloud_oidc_groups_mapping Wiki · GitHub
Feedback and contributions are welcome!
Pierre
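
The mapping described in the post, sketched as an added example (not the app's code and not part of the original post): it evaluates the five rule types against the sample token and shows the difference between additive and replace mode. The rule field names (`claim`, `prefix`, `values`, `equals`, `groups`, `template`) and each rule type's exact semantics are assumptions made for illustration; the app's real rule schema is in its documentation.

```python
import re

# Token from the post; the rule field names below are assumed for illustration.
TOKEN = {"department": "Engineering", "roles": ["admin", "editor"],
         "organization": "corp.example.com", "userType": "INTERNAL"}
RULES = [
    {"type": "direct", "claim": "department"},
    {"type": "prefix", "claim": "roles", "prefix": "role_"},
    {"type": "conditional", "claim": "organization",
     "equals": "corp.example.com", "groups": ["Staff"]},
    {"type": "map", "claim": "userType", "values": {"INTERNAL": "Internal-Users"}},
]

def values(claims, path):
    """Resolve a dot-notation path; return its non-empty string values as a list."""
    node = claims
    for key in path.split("."):
        if not isinstance(node, dict) or key not in node:
            return []                      # a missing claim grants nothing
        node = node[key]
    items = node if isinstance(node, list) else [node]
    return [s for s in items if isinstance(s, str) and s.strip()]

def apply_rule(rule, claims):
    kind = rule["type"]
    if kind == "template":                 # pattern filled from several claims
        paths = re.findall(r"\{([\w.]+)\}", rule["template"])
        if any(not values(claims, p) for p in paths):
            return []                      # never emit a half-filled group name
        return [re.sub(r"\{([\w.]+)\}", lambda m: values(claims, m.group(1))[0], rule["template"])]
    vals = values(claims, rule["claim"])
    if kind == "direct":                   # claim value is the group name
        return vals
    if kind == "prefix":                   # fixed prefix + claim value
        return [rule["prefix"] + v for v in vals]
    if kind == "map":                      # lookup table; unmapped values are dropped
        return [rule["values"][v] for v in vals if v in rule["values"]]
    if kind == "conditional":              # fixed groups when the claim matches
        return list(rule["groups"]) if rule["equals"] in vals else []
    raise ValueError(f"unknown rule type: {kind}")

def map_groups(rules, claims, current, mode="additive"):
    """Additive keeps current groups; replace returns only token-derived ones."""
    derived = list(dict.fromkeys(g for r in rules for g in apply_rule(r, claims)))
    if mode == "replace":
        return derived
    return list(current) + [g for g in derived if g not in current]
```

In this sketch, replace mode drops any group the token no longer justifies, while additive mode never removes a membership.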