🔀 Merge pull request #1641 from nOw-Ay/master

🔧 add OIDC scope option
This commit is contained in:
Alicia Sykes 2024-08-17 15:34:07 +01:00 committed by GitHub
commit 80e8dc94fb
No known key found for this signature in database
GPG Key ID: B5690EEEBB952194
4 changed files with 10 additions and 3 deletions

View File

@ -285,6 +285,7 @@ appConfig:
oidc:
clientId: [registered client id]
endpoint: [OIDC endpoint]
scope: [The scope(s) to request from the OIDC provider]
```
Because Dashy is a SPA, a [public client](https://datatracker.ietf.org/doc/html/rfc6749#section-2.1) registration with PKCE is needed.

View File

@ -202,6 +202,7 @@ For more info, see the **[Authentication Docs](/docs/authentication.md)**
--- | --- | --- | ---
**`clientId`** | `string` | Required | The client id registered in the OIDC server
**`endpoint`** | `string` | Required | The URL of the OIDC server that should be used.
**`scope`** | `string` | Required | The scope(s) to request from the OIDC provider
**[⬆️ Back to Top](#configuring)**

View File

@ -565,7 +565,12 @@
"title": "OIDC Client Id",
"type": "string",
"description": "ClientId from OIDC provider"
}
},
"scope" : {
"title": "OIDC Scope",
"type": "string",
"description": "The scope(s) to request from the OIDC provider"
}
}
},
"enableHeaderAuth": {

View File

@ -13,14 +13,14 @@ const getAppConfig = () => {
class OidcAuth {
constructor() {
const { auth } = getAppConfig();
const { clientId, endpoint } = auth.oidc;
const { clientId, endpoint, scope } = auth.oidc;
const settings = {
userStore: new WebStorageStateStore({ store: window.localStorage }),
authority: endpoint,
client_id: clientId,
redirect_uri: `${window.location.origin}`,
response_type: 'code',
scope: 'openid profile email roles groups',
scope: scope || 'openid profile email roles groups',
response_mode: 'query',
filterProtocolClaims: true,
};