Add possibility to add additional parameters to login end-point

camptocamp · Dec 13, 2024 · 7471022 · 7471022
1 parent 80b00ce
commit 7471022
Show file tree

Hide file tree

Showing 3 changed files with 18 additions and 4 deletions.
diff --git a/doc/integrator/authentication_oidc.rst b/doc/integrator/authentication_oidc.rst
@@ -89,6 +89,10 @@ Other options
 ``create_user``: If ``true``, a user will be create in the geomapfish database if not exists,
   default is ``false``.
 
+``login_extra_params``: Extra parameters to add to the login request.
+  See `Zitadel additional parameters <https://zitadel.com/docs/apis/openidoauth/endpoints#additional-parameters>`_.
+  Default is ``{}``.
+
 ``match_field``: The field to use to match the user in the database, can be ``username`` (default) or ``email``.
 
 ``update_fields``: The fields to update in the database, default is: ``[]``, allowed values are

diff --git a/...al_geoportal/scaffolds/update/{{cookiecutter.project}}/geoportal/CONST_config-schema.yaml b/...al_geoportal/scaffolds/update/{{cookiecutter.project}}/geoportal/CONST_config-schema.yaml
@@ -250,6 +250,11 @@ mapping:
               create_user:
                 type: bool
                 default: false
+              login_extra_params:
+                type: map
+                mapping:
+                  regex;(.+):
+                    type: str
               match_field:
                 type: str
                 enum:

diff --git a/geoportal/c2cgeoportal_geoportal/views/login.py b/geoportal/c2cgeoportal_geoportal/views/login.py
@@ -50,6 +50,7 @@
 from pyramid.view import forbidden_view_config, view_config
 from sqlalchemy.orm.exc import NoResultFound  # type: ignore[attr-defined]
 
+import c2cgeoportal_commons.lib.url
 from c2cgeoportal_commons import models
 from c2cgeoportal_commons.lib.email_ import send_email_config
 from c2cgeoportal_commons.models import static
@@ -618,13 +619,17 @@ def oidc_login(self) -> pyramid.response.Response:
         )
 
         try:
-            return HTTPFound(
-                location=client.authorization_code_flow.start_authentication(
+
+            url = c2cgeoportal_commons.lib.url.Url(
+                client.authorization_code_flow.start_authentication(
                     code_challenge=code_challenge,
                     code_challenge_method="S256",
-                ),
-                headers=self.request.response.headers,
+                )
+            )
+            url.add_query(
+                self.authentication_settings.get("openid_connect", {}).get("login_extra_params", {})
             )
+            return HTTPFound(location=url.url(), headers=self.request.response.headers)
         finally:
             client.authorization_code_flow.code_challenge = ""