From aadc4dc3f627a365cb5f27dfd8e89b1564140e20 Mon Sep 17 00:00:00 2001 From: Jan-Hendrik Willms Date: Tue, 29 Apr 2025 08:10:40 +0200 Subject: oauth2: allow setting custom scopes in configuration, fixes #5567 Closes #5567 Merge request studip/studip!4190 --- config/config_defaults.inc.php | 3 +++ lib/classes/auth_plugins/StudipAuthOAuth2.php | 13 ++++++++----- 2 files changed, 11 insertions(+), 5 deletions(-) diff --git a/config/config_defaults.inc.php b/config/config_defaults.inc.php index 5e7875b..e5930dc 100644 --- a/config/config_defaults.inc.php +++ b/config/config_defaults.inc.php @@ -328,6 +328,9 @@ $STUDIP_AUTH_CONFIG_OAUTH2 = [ 'auth_user_md5.Nachname' => ['callback' => 'getUserData', 'map_args' => 'family_name'], 'auth_user_md5.EMail' => ['callback' => 'getUserData', 'map_args' => 'email'], ], + + // Enable the next line to allow setting your own scopes + // 'scopes' => [] ]; */ diff --git a/lib/classes/auth_plugins/StudipAuthOAuth2.php b/lib/classes/auth_plugins/StudipAuthOAuth2.php index a670067..606a5f3 100644 --- a/lib/classes/auth_plugins/StudipAuthOAuth2.php +++ b/lib/classes/auth_plugins/StudipAuthOAuth2.php @@ -18,6 +18,8 @@ final class StudipAuthOAuth2 extends StudipAuthSSO protected string $url_access_token; protected string $url_resource_owner_details; + protected ?array $scopes = null; + protected ?string $logout_url = null; private ?GenericProvider $client = null; 
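Review bot: The commented sample `// 'scopes' => []` in config/config_defaults.inc.php gives no hint about the expected shape or content, and uncommenting it as written configures an empty list rather than a working value. The matching property in StudipAuthOAuth2 is typed `?array`, so a space-separated string would presumably be rejected when the configuration is applied to the plugin (that assignment is outside this diff). Scopes also decide what the issued access token may be used for, so the comment should steer operators towards the minimum needed for the mapped fields shown above (`family_name`, `email`). I would word it as `// Optional: scopes to request, as an array of strings; request only what the mapping above needs`, followed by `// 'scopes' => ['openid', 'profile', 'email'],` with the values marked as an example to adapt to the provider.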
@@ -37,11 +39,12 @@ final class StudipAuthOAuth2 extends StudipAuthSSO
 {
 if ($this->client === null) {
 $options = [
- 'clientId' => $this->client_id,
- 'clientSecret' => $this->client_secret,
- 'redirectUri' => $this->redirect_uri,
- 'urlAuthorize' => $this->url_authorize,
- 'urlAccessToken' => $this->url_access_token,
+ 'clientId' => $this->client_id,
+ 'clientSecret' => $this->client_secret,
+ 'redirectUri' => $this->redirect_uri,
+ 'scopes' => $this->scopes,
+ 'urlAuthorize' => $this->url_authorize,
+ 'urlAccessToken' => $this->url_access_token,
 'urlResourceOwnerDetails' => $this->url_resource_owner_details,
 ];
-- cgit v1.0
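Review bot: `'scopes' => $this->scopes` is handed to the provider without a matching scope separator, so a list with more than one entry is joined with whatever the provider class uses by default. If `GenericProvider` here is the league/oauth2-client class (its import is outside the hunk), that default is a comma, while OAuth 2.0 (RFC 6749 section 3.3) defines `scope` as space-delimited; `['openid', 'email']` would then be sent as `openid,email`, which an identity provider may reject or treat as a single unknown scope. Consider adding `'scopeSeparator' => ' ',` next to the new entry, or exposing it as a configurable property like the other options. It would also be safer to leave the `scopes` key out when `$this->scopes` is null or empty, so an unset or empty configuration keeps the library's own behaviour. The enclosing method starts and ends outside the hunk.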