feat: assign users to teams via OIDC claims #1393
|
@ -125,6 +125,10 @@ func getProviderFromMap(pi map[string]interface{}) (provider *Provider, err erro
|
|||
logoutURL = ""
|
||||
}
|
||||
|
||||
scope, _ := pi["scope"].(string)
|
||||
if scope == "" {
|
||||
scope = "openid profile email"
|
||||
}
|
||||
provider = &Provider{
|
||||
Name: pi["name"].(string),
|
||||
Key: k,
|
||||
|
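Review bot: The assertion `scope, _ := pi["scope"].(string)` discards the ok value, so a `scope` that is present but not a string (for example a YAML list) silently falls back to `openid profile email`, and the extra scope the admin configured is never requested. Consider returning an error or logging a warning when the key exists but has the wrong type. The default is also applied only when the string is empty, so a custom value that omits `openid` passes through unchanged; a check that the configured value still contains `openid` would catch that misconfiguration early.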
@ -132,7 +136,7 @@ func getProviderFromMap(pi map[string]interface{}) (provider *Provider, err erro
|
|||
OriginalAuthURL: pi["authurl"].(string),
|
||||
ClientSecret: pi["clientsecret"].(string),
|
||||
LogoutURL: logoutURL,
|
||||
Scope: pi["scope"].(string),
|
||||
Scope: scope,
|
||||
|
||||
}
|
||||
|
||||
cl, is := pi["clientid"].(int)
|
||||
|
|
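Review bot: The `authurl` and `clientsecret` fields next to the changed `Scope` line still use unchecked `.(string)` assertions, which panic when the key is missing or not a string; the replaced line `Scope: pi["scope"].(string),` had the same problem for any provider config without a `scope` key. Since this function already returns `err`, consider using the comma-ok form for those fields as well and returning an error that names the missing key, so a malformed provider entry produces a clear startup error instead of a panic.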
Aren't we always expecting the scope to be `vikunja_groups`? Why make it configurable then instead of always appending it?

If you have a look at:
You'll see the hardcoded scope.
But to receive more information instead of openid profile email from the OIDC provider you'll need an extra scope.
There was a PR on the frontend explaining this issue.
vikunja/frontend#2749
This part makes sure there is always the "openid profile email" scope set - as it was before, hardcoded. But if you want to add a custom scope in the config.yml, then you have to tell the provider in back and frontend to actually use it.
Yes it is hardcoded in the frontend, but why make it a manual config setting instead of passing it automatically from the api to the provider? That would allow us to get rid of the extra config variable.
So you suggest to add:
Scope: "openid profile email vikunja_scope"
Anyway it has to be explained what "vikunja_scope" is and how it is used. I think it might be helpful for admins to use the scopes explicitly.
But I do not have a strong opinion on that
Okay, now I got you. Sorry for the confusion. Let's keep it the way you intended, please add an example scope to the `config.yml.sample` file.

Done, it is also linked to the explanation in openid.md