| author | Jan-Hendrik Willms <tleilax+studip@gmail.com> | 2025-04-29 08:03:04 +0200 |
|---|---|---|
| committer | Jan-Hendrik Willms <tleilax+studip@gmail.com> | 2025-04-29 08:03:04 +0200 |
| commit | 35936dc086e44fa0c87ce17bf5e31c0d7e52b1b6 (patch) | |
| tree | 5ca75cf55b999a69449de41dac597d7639342b75 | |
| parent | b66f348f3bc6ce48c98eb38de1f6163030c75b07 (diff) | |
openid connect: allow setting custom scopes in configuration, fixes #5566
Closes #5566
Merge request studip/studip!4189
| -rw-r--r-- | config/config_defaults.inc.php | 8 | ||||
| -rw-r--r-- | lib/classes/auth_plugins/StudipAuthOIDC.php | 9 |
2 files changed, 13 insertions, 4 deletions
diff --git a/config/config_defaults.inc.php b/config/config_defaults.inc.php
index 66b6900..5e7875b 100644
--- a/config/config_defaults.inc.php
+++ b/config/config_defaults.inc.php
@@ -266,13 +266,15 @@ $STUDIP_AUTH_CONFIG_GOOGLE = [
 'plugin_fullname' => 'Google',
 'login_description' => 'Login with Google',
 'ssl_options' => ['certPath' => null, 'verifyPeer' => true, 'verifyHost' => true],
- 'user_data_mapping' =>
- ['auth_user_md5.username' => ['callback' => 'dummy', 'map_args' => ''],
+ 'user_data_mapping' => [
+ 'auth_user_md5.username' => ['callback' => 'dummy', 'map_args' => ''],
 'auth_user_md5.password' => ['callback' => 'dummy', 'map_args' => ''],
 'auth_user_md5.Email' => ['callback' => 'getUserData', 'map_args' => 'email'],
 'auth_user_md5.Nachname' => ['callback' => 'getUserData', 'map_args' => 'family_name'],
 'auth_user_md5.Vorname' => ['callback' => 'getUserData', 'map_args' => 'given_name']
- ]
+ ],
+ // Enable the next line to allow setting your own scopes
+ // 'scopes' => []
 ];
 $STUDIP_AUTH_CONFIG_LTI = [
diff --git a/lib/classes/auth_plugins/StudipAuthOIDC.php b/lib/classes/auth_plugins/StudipAuthOIDC.php
index 0487c6c..b98137d 100644
--- a/lib/classes/auth_plugins/StudipAuthOIDC.php
+++ b/lib/classes/auth_plugins/StudipAuthOIDC.php
@@ -23,15 +23,22 @@ class StudipAuthOIDC extends StudipAuthSSO
 * @var string
 */
 public $provider_url;
+
 /**
 * @var string
 */
 public $client_id;
+
 /**
 * @var string
 */
 public $client_secret;
+ /**
+ * @var string[]
+ */
+ public $scopes = ['openid', 'email', 'profile'];
+
 private function getClient(): OpenIDConnectClient
 {
 if ($this->oidc === null) {
@@ -50,7 +57,7 @@ class StudipAuthOIDC extends StudipAuthSSO
 $return_url = URLHelper::getScriptURL($GLOBALS['ABSOLUTE_URI_STUDIP'] . 'index.php', ['sso' => $this->plugin_name, 'again' => 'yes']);
 $this->oidc->setRedirectURL($return_url);
- $this->oidc->addScope(['openid', 'email', 'profile']);
+ $this->oidc->addScope($this->scopes);
 }
 return $this->oidc; |
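Review bot: The commented-out example `// 'scopes' => []` in `$STUDIP_AUTH_CONFIG_GOOGLE` does not say whether a configured list extends the built-in default or replaces it; from the other file in this commit it looks like a replacement. The mapping directly above reads `email`, `family_name` and `given_name` through `getUserData`, so enabling the line as written (an empty list) would presumably leave those claims unrequested, depending on how the client library treats an empty scope set. I would spell the default out in the example, `// 'scopes' => ['openid', 'email', 'profile'],`, and word the comment as `// Override the requested scopes (replaces the default list; keep 'openid' and every scope the mapping above relies on)`. Listing only what the mapping needs also keeps the request to the provider minimal.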
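Review bot: The new `$scopes` property in the `-23,15 +23,22` hunk carries only `@var string[]`, with nothing to say where the value comes from or what it must contain. Assuming the `'scopes'` key of the auth plugin configuration is copied onto this public property (the code doing that is not part of this diff), the docblock should say so, for example `Scopes requested from the provider; overridden by the 'scopes' config key. Must include 'openid'.` above the `@var` line. An OpenID Connect authentication request is required to carry the `openid` scope, so that constraint is worth stating at the declaration.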
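Review bot: `$this->oidc->addScope($this->scopes);` hands the configured value to the client unchecked, whereas the removed line always passed a fixed three-element list. A site config that sets a plain string, an empty array, or a list without `openid` now reaches the library as-is, and what happens then depends on code not shown here. A small guard keeps the request well-formed: `$scopes = array_values(array_unique(array_merge(['openid'], (array) $this->scopes)));` followed by `$this->oidc->addScope($scopes);`. `getClient()` begins in the previous hunk and its body continues past this one.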
