How can I have users automatically set as admin or not / having different library access based on their roles in Authentik ?

[LeVraiRoiDHyrule]

Hi,

I'm trying again to set up again Oauth2 for jellyfin with authentik.
I have multiple questions :

• What do you call "roles" ? I found no mention of roles in Authentik docs. Is it the same as groups ? Does it mean that it will set users as admin or not depending on their groups ? If yes, it's what I'm searching for. If not, what it is ?

• Is this about library access or admin authorizations ? Where can I set those authorizations ?

• I'm currently having an error 400 when trying to get to https://auth.mydomain.com/application/o/authorize/?response_type=code&state=Y822dYt95504ShEZZ5mwDQ&code_challenge=0BOWoGlmR6ev4IrXJuPemjmH5WeRAykpCuslEcE2zd4&code_challenge_method=S256&client_id=c7f0fdcbe0758f83b4cce22a873942f305bca1e5&scope=openid%20profile%20%5B%22groups%22%5D&redirect_uri=https%3A%2F%2Fstream.mydomain.com%2Fsso%2FOID%2Fr%2Fauthentik . I correctly followed https://github.com/9p4/jellyfin-plugin-sso/blob/main/providers.md#authentik, so I don't know what could be causing this. Any idea ?

Thanks in advance for your help and for any help. Have a great day

[9p4]

Ensure that your "role claims" value is set properly. In authelia, groups are the closet you can get to roles.

Is this about library access or admin authorizations ? Where can I set those authorizations ?

This is to enable role / group checking. Keep it checked if you want to use the groups feature.

As for the 400 error, check the logs to find the source of the error. Upload them here.