authorJan-Hendrik Willms <tleilax+studip@gmail.com>2025-04-29 08:10:40 +0200
committerJan-Hendrik Willms <tleilax+studip@gmail.com>2025-04-29 08:10:40 +0200
commitaadc4dc3f627a365cb5f27dfd8e89b1564140e20 (patch)
treef0170f46b966cf339628c52cf567959d9b916048
parent35936dc086e44fa0c87ce17bf5e31c0d7e52b1b6 (diff)
oauth2: allow setting custom scopes in configuration, fixes #5567
Closes #5567 Merge request studip/studip!4190
-rw-r--r--config/config_defaults.inc.php3
-rw-r--r--lib/classes/auth_plugins/StudipAuthOAuth2.php13
2 files changed, 11 insertions, 5 deletions
diff --git a/config/config_defaults.inc.php b/config/config_defaults.inc.php
index 5e7875b..e5930dc 100644
--- a/config/config_defaults.inc.php
+++ b/config/config_defaults.inc.php
@@ -328,6 +328,9 @@ $STUDIP_AUTH_CONFIG_OAUTH2 = [
'auth_user_md5.Nachname' => ['callback' => 'getUserData', 'map_args' => 'family_name'],
'auth_user_md5.EMail' => ['callback' => 'getUserData', 'map_args' => 'email'],
],
+
+ // Enable the next line to allow setting your own scopes
+ // 'scopes' => []
];
*/
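Review bot: The added comment above `// 'scopes' => []` does not say what the option holds or what the empty example does, so an admin who uncomments it as-is configures an empty scope list without knowing whether the `family_name` and `email` values mapped just above will still be delivered. Scopes decide what the issued token may access, so the comment should state the format and steer towards the minimum needed, e.g. `// Optional: list of scope strings to request, e.g. ['openid', 'profile', 'email']; request only what the mapping above needs` followed by `// 'scopes' => [],`. On an OpenID Connect provider those two claims are usually released under the `profile` and `email` scopes, but that depends on the provider and should be hedged in the wording. The trailing comma also matches the other entries, so the line stays valid if a key is added after it; the array itself starts outside this hunk.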
diff --git a/lib/classes/auth_plugins/StudipAuthOAuth2.php b/lib/classes/auth_plugins/StudipAuthOAuth2.php
index a670067..606a5f3 100644
--- a/lib/classes/auth_plugins/StudipAuthOAuth2.php
+++ b/lib/classes/auth_plugins/StudipAuthOAuth2.php
@@ -18,6 +18,8 @@ final class StudipAuthOAuth2 extends StudipAuthSSO
protected string $url_access_token;
protected string $url_resource_owner_details;
+ protected ?array $scopes = null;
+
protected ?string $logout_url = null;
private ?GenericProvider $client = null;
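Review bot: `protected ?array $scopes = null;` carries no doc comment and is typed only as `?array`, so nothing states that it is meant to be a list of scope strings or what `null` stands for. The later hunk in this file passes it straight through as `'scopes' => $this->scopes`, so a malformed configuration value (nested arrays, non-string entries) would only surface inside the OAuth2 client, if at all. I would add `/** @var list<string>|null Scopes to request from the provider; null presumably keeps the client's default */` above the property so static analysis and the next maintainer see the contract. The class body starts and ends outside this hunk.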
@@ -37,11 +39,12 @@ final class StudipAuthOAuth2 extends StudipAuthSSO
{
if ($this->client === null) {
$options = [
- 'clientId' => $this->client_id,
- 'clientSecret' => $this->client_secret,
- 'redirectUri' => $this->redirect_uri,
- 'urlAuthorize' => $this->url_authorize,
- 'urlAccessToken' => $this->url_access_token,
+ 'clientId' => $this->client_id,
+ 'clientSecret' => $this->client_secret,
+ 'redirectUri' => $this->redirect_uri,
+ 'scopes' => $this->scopes,
+ 'urlAuthorize' => $this->url_authorize,
+ 'urlAccessToken' => $this->url_access_token,
'urlResourceOwnerDetails' => $this->url_resource_owner_details,
];