feat(sso): add custom extra scope support #7577
Merged
This PR allows users to set a custom extra scope for SSO login.
Purpose
The purpose of this change is to give users more flexibility in the username key (`sso_oidc_username_key`) based on the ID token from the OIDC server, for example, using `email` or `username`. Some OIDC implementations add extra claims to the ID token based on what scopes are passed to the server, so allowing users to customize the scope is a must.

Implementation
This PR adds a new settings option, `SSOExtraScopes` (`sso_extra_scopes`). If the settings option is not empty, it will be appended to the default scopes (`[openid profile]`).

Front-end / i18n considerations
A new settings key, `sso_extra_scopes`, would be added to the front-end / i18n file. I have opened a related PR on the front-end project: AlistGo/alist-web#203.

There are also small typo and style fixes that should be made, like `Sso` should be `SSO`, `Ldap` should be `LDAP`. Such changes are already contained in the related PR. Please also kindly change the translation on Crowdin for a better look.
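The scope handling described in this PR, as an added example that is not code from the PR or the project: it appends validated extra scopes to the default `[openid profile]` and rejects an ID token that lacks the configured username claim. The function names and the whitespace-separated format of the setting are assumptions.

```go
package main

import (
	"fmt"
	"strings"
)

// Default scopes as stated in the PR description.
var defaultScopes = []string{"openid", "profile"}

// validScopeToken enforces the RFC 6749 section 3.3 scope-token charset (%x21 / %x23-5B / %x5D-7E).
func validScopeToken(s string) bool {
	for i := 0; i < len(s); i++ {
		if c := s[i]; c < 0x21 || c > 0x7e || c == '"' || c == '\\' {
			return false
		}
	}
	return s != ""
}

// BuildScopes (hypothetical name) appends extra scopes to the defaults, skipping
// duplicates. Assumption: the setting is a whitespace-separated list.
func BuildScopes(extra string) ([]string, error) {
	scopes := append([]string{}, defaultScopes...)
	seen := map[string]bool{"openid": true, "profile": true}
	for _, tok := range strings.Fields(extra) {
		if !validScopeToken(tok) {
			return nil, fmt.Errorf("invalid scope token %q", tok)
		}
		if !seen[tok] {
			seen[tok] = true
			scopes = append(scopes, tok)
		}
	}
	return scopes, nil
}

// UsernameFromClaims (hypothetical name) refuses a missing, non-string or empty claim.
func UsernameFromClaims(claims map[string]interface{}, key string) (string, error) {
	v, ok := claims[key].(string)
	if !ok || strings.TrimSpace(v) == "" {
		return "", fmt.Errorf("claim %q absent from ID token; check the requested scopes", key)
	}
	return v, nil
}

func main() {
	scopes, err := BuildScopes("email profile") // constructed sample setting value
	fmt.Println(scopes, err)
}
```

Failing closed on a missing claim matters here because a username key such as `email` only resolves when the matching scope was requested.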