In my labs we have a use case of sharing the console to untrusted users outside of the incus project. I want these users to only be able to do incus console on these containers, no other commands, how would I go about setting that up.
You could use OIDC+OpenFGA or use TLS and the authorization scriptlet, then only grant can_access_console to whatever user is used by those individuals who only need access to the console.
The alternative is to write some kind of proxy server which has access to the Incus API and can do the console request but then only exposes that publicly. Somewhat similar to what’s done within the incus-demo-server that provides our online demo service.
Though I’m also wondering what’s the use case for wanting to only offer console access to users as you can’t have multiple users interacting with the same console, so you’re basically limited to one connection per container. Unless you mean access to the exec API instead? (incus exec rather than incus console)
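As an added illustration of the scriptlet route mentioned above (this is not code from the thread or from the Incus project): a default-deny authorization scriptlet that gives a fixed list of users only can_access_console, and only on instances in one project, while an admin list keeps full rights. The scriptlet body is written in Starlark-compatible syntax, so the same function can be exercised here in plain Python; the authorize(details, object, entitlement) signature, the details.Username field, the "instance:<project>/<name>" object form, the authorization.scriptlet config key, and all user and project names are assumptions for the example and should be checked against the Incus documentation for your version.

```python
# Added example of an Incus authorization scriptlet (loaded via the
# authorization.scriptlet server key; key name assumed). Not from the thread
# or the Incus project. The details/object/entitlement shapes below are
# assumptions about the scriptlet interface; verify against the Incus docs.

# Constructed values for the example.
ADMIN_USERS = ["whiteteam-admin"]                    # keep normal full access
CONSOLE_ONLY_USERS = ["blueteam-alice", "blueteam-bob"]
CONSOLE_PROJECT = "whiteteam"                        # project whose instances may be consoled into


def authorize(details, object, entitlement):
    """Return True to grant `entitlement` on `object` to the requesting user.

    Anything not explicitly granted below is denied (default deny), so a
    console-only user cannot exec, edit, snapshot or even see other objects
    unless you add those entitlements deliberately.
    """
    user = details.Username  # assumed field name on the request details

    # Build-project admins keep their normal rights.
    if user in ADMIN_USERS:
        return True

    # Console-only users get exactly one entitlement, scoped to one project's instances.
    if user in CONSOLE_ONLY_USERS:
        if entitlement != "can_access_console":
            return False
        instance_prefix = "instance:" + CONSOLE_PROJECT + "/"  # e.g. instance:whiteteam/web01
        return object.startswith(instance_prefix)

    # Unknown identity: deny everything.
    return False


# --- Demo harness: plain Python, not part of the scriptlet itself ---
class _Details:
    """Minimal stand-in for the request details object Incus passes in."""

    def __init__(self, username):
        self.Username = username


def check(username, object, entitlement):
    """Evaluate the scriptlet for one (user, object, entitlement) triple."""
    return authorize(_Details(username), object, entitlement)


if __name__ == "__main__":
    cases = [
        ("blueteam-alice", "instance:whiteteam/web01", "can_access_console"),  # granted
        ("blueteam-alice", "instance:whiteteam/web01", "can_exec"),            # denied
        ("blueteam-alice", "instance:blueteam/web01", "can_access_console"),   # wrong project
        ("blueteam-alice", "project:whiteteam", "can_edit"),                   # denied
        ("whiteteam-admin", "project:whiteteam", "can_edit"),                  # admin
        ("stranger", "instance:whiteteam/web01", "can_access_console"),        # unknown user
    ]
    for user, obj, ent in cases:
        print(user, obj, ent, "->", "allow" if check(user, obj, ent) else "deny")
```

Only the top part (constants and authorize) is the scriptlet; the harness below it exists so the decisions can be tried offline. Because the function is default-deny, every extra thing a console-only user turns out to need (for instance listing the container first) has to be granted by name, which keeps the exposure to the build project explicit and easy to audit.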
It's a class here at RIT called Cyber Defense Tactics. One group of students makes the build, one set of students is the blue team and defends the network, and another is a red team that attacks the network. The blue team would really like local console.
All three groups of students have their own projects, but the blue team should not have admin rights into the whiteteam (builders) project.
I have generated a really bad tool for this GitHub - RIT-GCI/console-share: A Incus Websocket to TCP console sharing program. Great for labs!
It's a little buggy; I found an interesting websocket crash in Incus for console on the containers:
Error: Failed running forkconsole: attaching to the container failed
Restarting the container works, but incusd is really mad now: the console sessions are now doubling up on text output, like local echo is on. I'll work on it more tomorrow by yelling at Claude some more.
SPICE proxy works great otherwise, so there is that.