From efe3bca19e4d564d3de2387ed90f80a0ed88a94a Mon Sep 17 00:00:00 2001
From: tarmst <thomasarmstrong174@gmail.com>
Date: Wed, 19 Feb 2025 16:47:52 +0000
Subject: [PATCH] Add nested claim search for groups oauth claim

---
 backend/open_webui/utils/oauth.py | 9 ++++++++-
 1 file changed, 8 insertions(+), 1 deletion(-)

diff --git a/backend/open_webui/utils/oauth.py b/backend/open_webui/utils/oauth.py
index a635853d6..d70e2007f 100644
--- a/backend/open_webui/utils/oauth.py
+++ b/backend/open_webui/utils/oauth.py
@@ -140,7 +140,14 @@ class OAuthManager:
         log.debug("Running OAUTH Group management")
         oauth_claim = auth_manager_config.OAUTH_GROUPS_CLAIM
 
-        user_oauth_groups: list[str] = user_data.get(oauth_claim, list())
+        # Nested claim search for groups claim
+        if oauth_claim:
+            claim_data = user_data
+            nested_claims = oauth_claim.split(".")
+            for nested_claim in nested_claims:
+                claim_data = claim_data.get(nested_claim, {})
+            user_oauth_groups = claim_data if isinstance(claim_data, list) else None
+
         user_current_groups: list[GroupModel] = Groups.get_groups_by_member_id(user.id)
         all_available_groups: list[GroupModel] = Groups.get_groups()