OIDC: group to role mapping not working when group contains space #6021

@jrttr

Describe the Bug

I've migrated from LDAP to OIDC-Login.
With LDAP authentication we were able to use all groups and map them to roles.
Since the migration to OIDC, the group to role mapping works for groups without spaces only.

Steps to Reproduce

  1. Set up OIDC in .env and enable groups_sync:

     OIDC_USER_TO_GROUPS=true
     OIDC_GROUPS_CLAIM=groups

  2. Use "OIDC_DUMP_USER_DETAILS" to verify the groups claim is working:

     OIDC_DUMP_USER_DETAILS=true

     The details should look something like this:
     (This example just shows the necessary details)

     {
       "sub": "f:PfJpQtSaKJ3r6TFZmgi:testuser",
       "groups": [
         "group-without-spaces",
         "group with spaces"
       ],
       "preferred_username": "testuser",
       "family_name": "Test User",
       "email": "testuser@example.org"
     }

  3. Create 2 roles: one with the "External Authentication IDs" value group-without-spaces, one with group with spaces.

  4. Relogin and check the roles in the user.

Expected Behaviour

I would expect both roles mapped to the user, but instead just the group-without-spaces is mapped.

Screenshots or Additional Context

No response

Browser Details

No response

Exact BookStack Version

v25.12.3
