tinyauthapp · mathieu-lemay · May 24, 2026 · May 25, 2026 · May 25, 2026 · May 25, 2026
diff --git a/internal/controller/oauth_controller.go b/internal/controller/oauth_controller.go
@@ -215,9 +215,14 @@ func (controller *OAuthController) oauthCallbackHandler(c *gin.Context) {
 		return
 	}
 
+	userAttribs := controller.getUserAttributes(user.Email)
+
 	var name string
 
-	if strings.TrimSpace(user.Name) != "" {
+	if userAttribs.Name != "" {
+		controller.log.App.Debug().Msg("Using name from Auth user attributes")
+		name = userAttribs.Name
+	} else if strings.TrimSpace(user.Name) != "" {
 		controller.log.App.Debug().Msg("Using name from OAuth provider")
 		name = user.Name
 	} else {
@@ -232,20 +237,33 @@ func (controller *OAuthController) oauthCallbackHandler(c *gin.Context) {
 
 	var username string
 
-	if strings.TrimSpace(user.PreferredUsername) != "" {
+	if userAttribs.PreferredUsername != "" {
+		controller.log.App.Debug().Msg("Using preferred username from Auth user attributes")
+		username = userAttribs.PreferredUsername
+	} else if strings.TrimSpace(user.PreferredUsername) != "" {
 		controller.log.App.Debug().Msg("Using preferred username from OAuth provider")
 		username = user.PreferredUsername
 	} else {
 		controller.log.App.Debug().Msg("No preferred username from OAuth provider, generating from email")
 		username = strings.Replace(user.Email, "@", "_", 1)
 	}
 
+	var groups string
+
+	if userAttribs.Groups != nil {
+		groups = strings.Join(userAttribs.Groups, ",")
+		controller.log.App.Debug().Msgf("Using groups from Auth user attributes: %s", groups)
+	} else {
+		controller.log.App.Debug().Msg("Using groups from OAuth provider")
+		groups = utils.CoalesceToString(user.Groups)
+	}
+
 	sessionCookie := repository.Session{
 		Username:    username,
 		Name:        name,
 		Email:       user.Email,
 		Provider:    svc.ID(),
-		OAuthGroups: utils.CoalesceToString(user.Groups),
+		OAuthGroups: groups,
 		OAuthName:   svc.Name(),
 		OAuthSub:    user.Sub,
 	}
@@ -307,3 +325,10 @@ func (controller *OAuthController) getCookieDomain() string {
 	}
 	return controller.runtime.CookieDomain
 }
+
+func (controller *OAuthController) getUserAttributes(email string) model.UserAttributes {
+	email = strings.ReplaceAll(email, "@", "-")
+	email = strings.ReplaceAll(email, ".", "-")
+	attribs := controller.config.Auth.UserAttributes[email]
+	return attribs
+}
diff --git a/internal/model/config.go b/internal/model/config.go
@@ -127,21 +127,23 @@ type AuthConfig struct {
 }
 
 type UserAttributes struct {
-	Name        string       `description:"Full name of the user." yaml:"name"`
-	GivenName   string       `description:"Given (first) name of the user." yaml:"givenName"`
-	FamilyName  string       `description:"Family (last) name of the user." yaml:"familyName"`
-	MiddleName  string       `description:"Middle name of the user." yaml:"middleName"`
-	Nickname    string       `description:"Nickname of the user." yaml:"nickname"`
-	Profile     string       `description:"URL of the user's profile page." yaml:"profile"`
-	Picture     string       `description:"URL of the user's profile picture." yaml:"picture"`
-	Website     string       `description:"URL of the user's website." yaml:"website"`
-	Email       string       `description:"Email address of the user." yaml:"email"`
-	Gender      string       `description:"Gender of the user." yaml:"gender"`
-	Birthdate   string       `description:"Birthdate of the user (YYYY-MM-DD)." yaml:"birthdate"`
-	Zoneinfo    string       `description:"Time zone of the user (e.g. Europe/Athens)." yaml:"zoneinfo"`
-	Locale      string       `description:"Locale of the user (e.g. en-US)." yaml:"locale"`
-	PhoneNumber string       `description:"Phone number of the user." yaml:"phoneNumber"`
-	Address     AddressClaim `description:"Address of the user." yaml:"address"`
+	Name              string       `description:"Full name of the user." yaml:"name"`
+	GivenName         string       `description:"Given (first) name of the user." yaml:"givenName"`
+	FamilyName        string       `description:"Family (last) name of the user." yaml:"familyName"`
+	MiddleName        string       `description:"Middle name of the user." yaml:"middleName"`
+	Nickname          string       `description:"Nickname of the user." yaml:"nickname"`
+	PreferredUsername string       `description:"Preferred username of the user." yaml:"preferredUsername"`
+	Groups            []string     `description:"List of groups the user belongs to." yaml:"groups"`
+	Profile           string       `description:"URL of the user's profile page." yaml:"profile"`
+	Picture           string       `description:"URL of the user's profile picture." yaml:"picture"`
+	Website           string       `description:"URL of the user's website." yaml:"website"`
+	Email             string       `description:"Email address of the user." yaml:"email"`
+	Gender            string       `description:"Gender of the user." yaml:"gender"`
+	Birthdate         string       `description:"Birthdate of the user (YYYY-MM-DD)." yaml:"birthdate"`
+	Zoneinfo          string       `description:"Time zone of the user (e.g. Europe/Athens)." yaml:"zoneinfo"`
+	Locale            string       `description:"Locale of the user (e.g. en-US)." yaml:"locale"`
+	PhoneNumber       string       `description:"Phone number of the user." yaml:"phoneNumber"`
+	Address           AddressClaim `description:"Address of the user." yaml:"address"`
 }
 
 type AddressClaim struct {