Skip to content

Commit

Permalink
feat(sso): add custom extra scope support (#7577)
Browse files Browse the repository at this point in the history
  • Loading branch information
baobao1270 authored Dec 9, 2024
1 parent aa45a82 commit 088120d
Show file tree
Hide file tree
Showing 3 changed files with 9 additions and 2 deletions.
1 change: 1 addition & 0 deletions internal/bootstrap/data/setting.go
Original file line number Diff line number Diff line change
Expand Up @@ -164,6 +164,7 @@ func InitialSettings() []model.SettingItem {
{Key: conf.SSOApplicationName, Value: "", Type: conf.TypeString, Group: model.SSO, Flag: model.PRIVATE},
{Key: conf.SSOEndpointName, Value: "", Type: conf.TypeString, Group: model.SSO, Flag: model.PRIVATE},
{Key: conf.SSOJwtPublicKey, Value: "", Type: conf.TypeString, Group: model.SSO, Flag: model.PRIVATE},
{Key: conf.SSOExtraScopes, Value: "", Type: conf.TypeString, Group: model.SSO, Flag: model.PRIVATE},
{Key: conf.SSOAutoRegister, Value: "false", Type: conf.TypeBool, Group: model.SSO, Flag: model.PRIVATE},
{Key: conf.SSODefaultDir, Value: "/", Type: conf.TypeString, Group: model.SSO, Flag: model.PRIVATE},
{Key: conf.SSODefaultPermission, Value: "0", Type: conf.TypeNumber, Group: model.SSO, Flag: model.PRIVATE},
Expand Down
1 change: 1 addition & 0 deletions internal/conf/const.go
Original file line number Diff line number Diff line change
Expand Up @@ -72,6 +72,7 @@ const (
SSOApplicationName = "sso_application_name"
SSOEndpointName = "sso_endpoint_name"
SSOJwtPublicKey = "sso_jwt_public_key"
SSOExtraScopes = "sso_extra_scopes"
SSOAutoRegister = "sso_auto_register"
SSODefaultDir = "sso_default_dir"
SSODefaultPermission = "sso_default_permission"
Expand Down
9 changes: 7 additions & 2 deletions server/handles/ssologin.go
Original file line number Diff line number Diff line change
Expand Up @@ -4,13 +4,14 @@ import (
"encoding/base64"
"errors"
"fmt"
"github.com/Xhofe/go-cache"
"net/http"
"net/url"
"path"
"strings"
"time"

"github.com/Xhofe/go-cache"

"github.com/alist-org/alist/v3/internal/conf"
"github.com/alist-org/alist/v3/internal/db"
"github.com/alist-org/alist/v3/internal/model"
Expand Down Expand Up @@ -123,6 +124,10 @@ func GetOIDCClient(c *gin.Context, useCompatibility bool, redirectUri, method st
}
clientId := setting.GetStr(conf.SSOClientId)
clientSecret := setting.GetStr(conf.SSOClientSecret)
extraScopes := []string{}
if setting.GetStr(conf.SSOExtraScopes) != "" {
extraScopes = strings.Split(setting.GetStr(conf.SSOExtraScopes), " ")
}
return &oauth2.Config{
ClientID: clientId,
ClientSecret: clientSecret,
Expand All @@ -132,7 +137,7 @@ func GetOIDCClient(c *gin.Context, useCompatibility bool, redirectUri, method st
Endpoint: provider.Endpoint(),

// "openid" is a required scope for OpenID Connect flows.
Scopes: []string{oidc.ScopeOpenID, "profile"},
Scopes: append([]string{oidc.ScopeOpenID, "profile"}, extraScopes...),
}, nil
}

Expand Down

0 comments on commit 088120d

Please sign in to comment.