🔧 add OIDC scope option

This commit is contained in:
noway_/ 2024-07-16 14:00:03 +02:00
parent 66dac6ff6d
commit 9547c3baec
4 changed files with 11 additions and 3 deletions

View File

@ -15,6 +15,7 @@
- [Setting up Keycloak](#2-setup-keycloak-users)
- [Configuring Dashy for Keycloak](#3-enable-keycloak-in-dashy-config-file)
- [Toubleshooting Keycloak](#troubleshooting-keycloak)
- [OpenID Connect](#oidc)
- [Alternative Authentication Methods](#alternative-authentication-methods)
- [VPN](#vpn)
- [IP-Based Access](#ip-based-access)
@ -283,6 +284,7 @@ appConfig:
oidc:
clientId: [registered client id]
endpoint: [OIDC endpoint]
scope: [The scope(s) to request from the OIDC provider]
```
Because Dashy is a SPA, a [public client](https://datatracker.ietf.org/doc/html/rfc6749#section-2.1) registration with PKCE is needed.

View File

@ -202,6 +202,7 @@ For more info, see the **[Authentication Docs](/docs/authentication.md)**
--- | --- | --- | ---
**`clientId`** | `string` | Required | The client id registered in the OIDC server
**`endpoint`** | `string` | Required | The URL of the OIDC server that should be used.
**`scope`** | `string` | Required | The scope(s) to request from the OIDC provider
**[⬆️ Back to Top](#configuring)**

View File

@ -565,7 +565,12 @@
"title": "OIDC Client Id",
"type": "string",
"description": "ClientId from OIDC provider"
}
},
"scope" : {
"title": "OIDC Scope",
"type": "string",
"description": "The scope(s) to request from the OIDC provider"
}
}
},
"enableHeaderAuth": {

View File

@ -13,14 +13,14 @@ const getAppConfig = () => {
class OidcAuth {
constructor() {
const { auth } = getAppConfig();
const { clientId, endpoint } = auth.oidc;
const { clientId, endpoint, scope } = auth.oidc;
const settings = {
userStore: new WebStorageStateStore({ store: window.localStorage }),
authority: endpoint,
client_id: clientId,
redirect_uri: `${window.location.origin}`,
response_type: 'code',
scope: 'openid profile email roles groups',
scope,
response_mode: 'query',
filterProtocolClaims: true,
};