openid connect: allow setting custom scopes in configuration, fixes #5566

Closes #5566 Merge request studip/studip!4189
author: Jan-Hendrik Willms <tleilax+studip@gmail.com> 2025-04-29 08:03:04 +0200
committer: Jan-Hendrik Willms <tleilax+studip@gmail.com> 2025-04-29 08:35:43 +0200
commit: acbb82ff57a93d4c46ee1122a288ba7113c1a8b7 (patch)
tree: 85d55eada38278f4b3d62dcd824a1f2e4ff3e06c /lib
parent: aae5f035faeda4675444e2d8d38a4d3f61a080e9 (diff)
1 files changed, 8 insertions, 1 deletions
diff --git a/lib/classes/auth_plugins/StudipAuthOIDC.class.php b/lib/classes/auth_plugins/StudipAuthOIDC.class.php
index d09a3bf..7071e90 100644
--- a/lib/classes/auth_plugins/StudipAuthOIDC.class.php
+++ b/lib/classes/auth_plugins/StudipAuthOIDC.class.php
@@ -23,15 +23,22 @@ class StudipAuthOIDC extends StudipAuthSSO
      * @var string
      */
     public $provider_url;
+
     /**
      * @var string
      */
     public $client_id;
+
     /**
      * @var string
      */
     public $client_secret;
 
+    /**
+     * @var string[]
+     */
+    public $scopes = ['openid', 'email', 'profile'];
+
     private function getClient(): OpenIDConnectClient
     {
         if ($this->oidc === null) {
@@ -50,7 +57,7 @@ class StudipAuthOIDC extends StudipAuthSSO
 
             $return_url = URLHelper::getScriptURL($GLOBALS['ABSOLUTE_URI_STUDIP'] . 'index.php', ['sso' => $this->plugin_name, 'again' => 'yes']);
             $this->oidc->setRedirectURL($return_url);
-            $this->oidc->addScope(['openid', 'email', 'profile']);
+            $this->oidc->addScope($this->scopes);
         }
 
         return $this->oidc;
author	Jan-Hendrik Willms <tleilax+studip@gmail.com>	2025-04-29 08:03:04 +0200
committer	Jan-Hendrik Willms <tleilax+studip@gmail.com>	2025-04-29 08:35:43 +0200
commit	acbb82ff57a93d4c46ee1122a288ba7113c1a8b7 (patch)
tree	85d55eada38278f4b3d62dcd824a1f2e4ff3e06c /lib
parent	aae5f035faeda4675444e2d8d38a4d3f61a080e9 (diff)