Proxmox/pve-access-control
5
0
Fork 0
mirror of git://git.proxmox.com/git/pve-access-control.git synced 2025-01-21 18:03:45 +03:00
Code Releases Activity

openid: support configuring scopes

Browse Source 
Signed-off-by: Thomas Lamprecht <t.lamprecht@proxmox.com>
This commit is contained in:
Thomas Lamprecht 2021-11-18 17:00:42 +01:00
parent 348c703875
commit 48e51c3383
2 changed files with 11 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

3
src/PVE/API2/OpenId.pm
View File

@ -38,6 +38,9 @@ my $lookup_openid_auth = sub {
}; };
$openid_config->{prompt} = $config->{'prompt'} if defined($config->{'prompt'}); $openid_config->{prompt} = $config->{'prompt'} if defined($config->{'prompt'});
my $scopes = $config->{'scopes'} // 'email profile';
$openid_config->{scopes} = [ PVE::Tools::split_list($scopes) ];
my $openid = PVE::RS::OpenId->discover($openid_config, $redirect_url); my $openid = PVE::RS::OpenId->discover($openid_config, $redirect_url);
return ($config, $openid); return ($config, $openid);
}; };

8
src/PVE/Auth/OpenId.pm
View File

@ -49,6 +49,13 @@ sub properties {
pattern => '(?:none|login|consent|select_account|\S+)', # \S+ is the extension variant pattern => '(?:none|login|consent|select_account|\S+)', # \S+ is the extension variant
optional => 1, optional => 1,
}, },
scopes => {
description => "Specifies the scopes (user details) that should be authorized and"
." returned, for example 'email' or 'profile'.",
type => 'string', # format => 'some-safe-id-list', # FIXME: TODO
default => "email profile",
optional => 1,
},
}; };
} }
@ -60,6 +67,7 @@ sub options {
autocreate => { optional => 1 }, autocreate => { optional => 1 },
"username-claim" => { optional => 1, fixed => 1 }, "username-claim" => { optional => 1, fixed => 1 },
prompt => { optional => 1 }, prompt => { optional => 1 },
scopes => { optional => 1 },
default => { optional => 1 }, default => { optional => 1 },
comment => { optional => 1 }, comment => { optional => 1 },
}; };