
Commit 088120d

authored
feat(sso): add custom extra scope support (#7577)
1 parent aa45a82 commit 088120d


3 files changed

+9
-2
lines changed


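--- a/internal/bootstrap/data/setting.go
+++ b/internal/bootstrap/data/setting.go
@@ -164,6 +164,7 @@ func InitialSettings() []model.SettingItem {
 {Key: conf.SSOApplicationName, Value: "", Type: conf.TypeString, Group: model.SSO, Flag: model.PRIVATE},
 {Key: conf.SSOEndpointName, Value: "", Type: conf.TypeString, Group: model.SSO, Flag: model.PRIVATE},
 {Key: conf.SSOJwtPublicKey, Value: "", Type: conf.TypeString, Group: model.SSO, Flag: model.PRIVATE},
+{Key: conf.SSOExtraScopes, Value: "", Type: conf.TypeString, Group: model.SSO, Flag: model.PRIVATE},
 {Key: conf.SSOAutoRegister, Value: "false", Type: conf.TypeBool, Group: model.SSO, Flag: model.PRIVATE},
 {Key: conf.SSODefaultDir, Value: "/", Type: conf.TypeString, Group: model.SSO, Flag: model.PRIVATE},
 {Key: conf.SSODefaultPermission, Value: "0", Type: conf.TypeNumber, Group: model.SSO, Flag: model.PRIVATE},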

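--- a/internal/conf/const.go
+++ b/internal/conf/const.go
@@ -72,6 +72,7 @@ const (
 SSOApplicationName = "sso_application_name"
 SSOEndpointName = "sso_endpoint_name"
 SSOJwtPublicKey = "sso_jwt_public_key"
+SSOExtraScopes = "sso_extra_scopes"
 SSOAutoRegister = "sso_auto_register"
 SSODefaultDir = "sso_default_dir"
 SSODefaultPermission = "sso_default_permission"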

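--- a/server/handles/ssologin.go
+++ b/server/handles/ssologin.go
@@ -4,13 +4,14 @@ import (
 "encoding/base64"
 "errors"
 "fmt"
-"github.com/Xhofe/go-cache"
 "net/http"
 "net/url"
 "path"
 "strings"
 "time"
 
+"github.com/Xhofe/go-cache"
+
 "github.com/alist-org/alist/v3/internal/conf"
 "github.com/alist-org/alist/v3/internal/db"
 "github.com/alist-org/alist/v3/internal/model"
@@ -123,6 +124,10 @@ func GetOIDCClient(c *gin.Context, useCompatibility bool, redirectUri, method st
 }
 clientId := setting.GetStr(conf.SSOClientId)
 clientSecret := setting.GetStr(conf.SSOClientSecret)
+extraScopes := []string{}
+if setting.GetStr(conf.SSOExtraScopes) != "" {
+extraScopes = strings.Split(setting.GetStr(conf.SSOExtraScopes), " ")
+}
 return &oauth2.Config{
 ClientID: clientId,
 ClientSecret: clientSecret,
@@ -132,7 +137,7 @@ func GetOIDCClient(c *gin.Context, useCompatibility bool, redirectUri, method st
 Endpoint: provider.Endpoint(),
 
 // "openid" is a required scope for OpenID Connect flows.
-Scopes: []string{oidc.ScopeOpenID, "profile"},
+Scopes: append([]string{oidc.ScopeOpenID, "profile"}, extraScopes...),
 }, nil
 }
 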
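Review bot: The added `strings.Split(setting.GetStr(conf.SSOExtraScopes), " ")` in GetOIDCClient produces empty-string elements whenever the setting has leading, trailing or repeated spaces, and it does not split on tabs or newlines, so malformed entries end up in `Scopes` and in the authorization request. `extraScopes := strings.Fields(setting.GetStr(conf.SSOExtraScopes))` splits on any whitespace, gives an empty slice for an empty setting and reads the setting once, so the surrounding `if` can be dropped. The value is appended without any filtering, so each entry widens what the identity provider is asked to release; a comment above the line such as `// admin-supplied, space-separated scopes requested in addition to openid and profile` would make that explicit. GetOIDCClient begins outside the visible hunks.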
