blob: 8beedc004688d66103ceac7c2dc19201ef45a0f1 (
plain)
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
|
---
title: "User Attributes"
description: "User Attributes Definitions Configuration"
summary: "Authelia allows configuring reusable user attribute definitions."
date: 2025-02-22T06:40:08+00:00
draft: false
images: []
weight: 199100
toc: true
seo:
title: "" # custom title (optional)
description: "" # custom description (recommended)
canonical: "" # custom canonical URL (optional)
noindex: false # false (default) or true
---
The user attributes section allows you to define custom attributes for your users using Common Expression Language (CEL).
These attributes can be used at the current time to:
- Enhance [OpenID Connect 1.0 claims](../../integration/openid-connect/openid-connect-1.0-claims.md) with dynamic values
## Configuration
{{< config-alert-example >}}
```yaml {title="configuration.yml"}
definitions:
user_attributes:
# Boolean attribute example
is_admin:
expression: '"admin" in groups'
# String attribute example
department:
expression: 'groups[0]'
# Number attribute example
access_level:
expression: '"admin" in groups ? 10 : 5'
```
## Options
This section describes the individual configuration options. Currently, these attribute definitions are used in the
[OpenID Connect 1.0 Provider](../identity-providers/openid-connect/provider.md#pol).
The key name is the name of the resulting attribute. It is important to note that this attribute name must not conflict
with extra attributes defined within the authentication backend, or with the common attributes we have defined.
In the above example the following attributes are added:
- `is_admin`
- `department`
- `access_level`
### expression
The [Common Expression Language](https://github.com/google/cel-spec) expression for this attribute.
|
