feat: configurable scopes and issuer check skipping

2023-11-06 15:57:27 +01:00
parent 000b7c8cf4
commit e16b905bca
4 changed files with 33 additions and 21 deletions
--- a/internal/config/config.go
+++ b/internal/config/config.go
@ -48,14 +48,15 @@ type HTTPConfig struct {
 }

 type OIDCConfig struct {
-	ClientID               string `yaml:"clientId"  env:"OIDC_CLIENT_ID"`
-	ClientSecret           string `yaml:"clientSecret"  env:"OIDC_CLIENT_SECRET"`
-	IssuerURL              string `yaml:"issuerUrl"  env:"OIDC_ISSUER_URL"`
-	RedirectURL            string `yaml:"redirectUrl"  env:"OIDC_REDIRECT_URL"`
-	PostLogoutRedirectURL  string `yaml:"postLogoutRedirectURL"  env:"OIDC_POST_LOGOUT_REDIRECT_URL"`
-	InsecureSkipVerify     bool   `yaml:"insecureSkipVerify" env:"OIDC_INSECURE_SKIP_VERIFY"`
-	AcrValues              string `yaml:"acrValues" env:"OIDC_ACR_VALUES"`
-	SkipIssuerVerification bool   `yaml:"skipIssuerVerification" env:"OIDC_SKIP_ISSUER_VERIFICATION"`
+	ClientID               string   `yaml:"clientId"  env:"OIDC_CLIENT_ID"`
+	ClientSecret           string   `yaml:"clientSecret"  env:"OIDC_CLIENT_SECRET"`
+	IssuerURL              string   `yaml:"issuerUrl"  env:"OIDC_ISSUER_URL"`
+	RedirectURL            string   `yaml:"redirectUrl"  env:"OIDC_REDIRECT_URL"`
+	PostLogoutRedirectURL  string   `yaml:"postLogoutRedirectURL"  env:"OIDC_POST_LOGOUT_REDIRECT_URL"`
+	InsecureSkipVerify     bool     `yaml:"insecureSkipVerify" env:"OIDC_INSECURE_SKIP_VERIFY"`
+	AcrValues              string   `yaml:"acrValues" env:"OIDC_ACR_VALUES"`
+	SkipIssuerVerification bool     `yaml:"skipIssuerVerification" env:"OIDC_SKIP_ISSUER_VERIFICATION"`
+	Scopes                 []string `yaml:"scopes" env:"OIDC_SCOPES"`
 }

 type LogConfig struct {
@ -86,11 +87,13 @@ func NewDefault() *Config {
 			PublicDir:               "public",
 		},
 		OIDC: OIDCConfig{
-			IssuerURL:             "http://localhost:4444/",
-			RedirectURL:           "http://localhost:3002/oauth2/callback",
-			PostLogoutRedirectURL: "http://localhost:3002",
-			InsecureSkipVerify:    false,
-			AcrValues:             "",
+			IssuerURL:              "http://localhost:4444/",
+			RedirectURL:            "http://localhost:3002/oauth2/callback",
+			PostLogoutRedirectURL:  "http://localhost:3002",
+			InsecureSkipVerify:     false,
+			SkipIssuerVerification: false,
+			AcrValues:              "",
+			Scopes:                 []string{"openid", "email"},
 		},
 	}
 }