Skip to content

Commit

Permalink
🔀 Merge pull request #1641 from nOw-Ay/master
Browse files Browse the repository at this point in the history
 🔧 add OIDC scope option
  • Loading branch information
Lissy93 authored Aug 17, 2024
2 parents 864feca + 439c73c commit 80e8dc9
Show file tree
Hide file tree
Showing 4 changed files with 10 additions and 3 deletions.
1 change: 1 addition & 0 deletions docs/authentication.md
Original file line number Diff line number Diff line change
Expand Up @@ -285,6 +285,7 @@ appConfig:
oidc:
clientId: [registered client id]
endpoint: [OIDC endpoint]
scope: [The scope(s) to request from the OIDC provider]
```

Because Dashy is a SPA, a [public client](https://datatracker.ietf.org/doc/html/rfc6749#section-2.1) registration with PKCE is needed.
Expand Down
1 change: 1 addition & 0 deletions docs/configuring.md
Original file line number Diff line number Diff line change
Expand Up @@ -202,6 +202,7 @@ For more info, see the **[Authentication Docs](/docs/authentication.md)**
--- | --- | --- | ---
**`clientId`** | `string` | Required | The client id registered in the OIDC server
**`endpoint`** | `string` | Required | The URL of the OIDC server that should be used.
**`scope`** | `string` | Required | The scope(s) to request from the OIDC provider

**[⬆️ Back to Top](#configuring)**

Expand Down
7 changes: 6 additions & 1 deletion src/utils/ConfigSchema.json
Original file line number Diff line number Diff line change
Expand Up @@ -565,7 +565,12 @@
"title": "OIDC Client Id",
"type": "string",
"description": "ClientId from OIDC provider"
}
},
"scope" : {
"title": "OIDC Scope",
"type": "string",
"description": "The scope(s) to request from the OIDC provider"
}
}
},
"enableHeaderAuth": {
Expand Down
4 changes: 2 additions & 2 deletions src/utils/OidcAuth.js
Original file line number Diff line number Diff line change
Expand Up @@ -13,14 +13,14 @@ const getAppConfig = () => {
class OidcAuth {
constructor() {
const { auth } = getAppConfig();
const { clientId, endpoint } = auth.oidc;
const { clientId, endpoint, scope } = auth.oidc;
const settings = {
userStore: new WebStorageStateStore({ store: window.localStorage }),
authority: endpoint,
client_id: clientId,
redirect_uri: `${window.location.origin}`,
response_type: 'code',
scope: 'openid profile email roles groups',
scope: scope || 'openid profile email roles groups',
response_mode: 'query',
filterProtocolClaims: true,
};
Expand Down

0 comments on commit 80e8dc9

Please sign in to comment.