diff --git a/apps/api/src/app/auth/auth.module.ts b/apps/api/src/app/auth/auth.module.ts
index a417563fd..be91058f4 100644
--- a/apps/api/src/app/auth/auth.module.ts
+++ b/apps/api/src/app/auth/auth.module.ts
@@ -45,12 +45,19 @@ import { OidcStrategy } from './oidc.strategy';
 configurationService: ConfigurationService
 ) => {
 const issuer = configurationService.get('OIDC_ISSUER');
+ const scopeString = configurationService.get('OIDC_SCOPE');
+ const scope = scopeString
+ .split(' ')
+ .map((s) => s.trim())
+ .filter((s) => s.length > 0);
+
 const options: any = {
 callbackURL: `${configurationService.get(
 'ROOT_URL'
 )}/api/auth/oidc/callback`,
 clientID: configurationService.get('OIDC_CLIENT_ID'),
- clientSecret: configurationService.get('OIDC_CLIENT_SECRET')
+ clientSecret: configurationService.get('OIDC_CLIENT_SECRET'),
+ scope
 };
 
 if (issuer) {
diff --git a/apps/api/src/app/auth/oidc.strategy.ts b/apps/api/src/app/auth/oidc.strategy.ts
index 34d300d0f..3224daed9 100644
--- a/apps/api/src/app/auth/oidc.strategy.ts
+++ b/apps/api/src/app/auth/oidc.strategy.ts
@@ -29,7 +29,6 @@ export class OidcStrategy extends PassportStrategy(Strategy, 'oidc') {
 super({
 ...options,
 passReqToCallback: true,
- scope: ['openid', 'profile', 'email'],
 store: OidcStrategy.stateStore
 // eslint-disable-next-line @typescript-eslint/no-explicit-any
 } as any);
diff --git a/apps/api/src/services/configuration/configuration.service.ts b/apps/api/src/services/configuration/configuration.service.ts
index 7c2b0adb9..56b0124fe 100644
--- a/apps/api/src/services/configuration/configuration.service.ts
+++ b/apps/api/src/services/configuration/configuration.service.ts
@@ -62,6 +62,7 @@ export class ConfigurationService {
 OIDC_CLIENT_ID: str({ default: '' }),
 OIDC_CLIENT_SECRET: str({ default: '' }),
 OIDC_ISSUER: str({ default: '' }),
+ OIDC_SCOPE: str({ default: 'profile' }),
 OIDC_TOKEN_URL: str({ default: '' }),
 OIDC_USER_INFO_URL: str({ default: '' }),
 PORT: port({ default: DEFAULT_PORT }),
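Review bot: In the `auth.module.ts` hunk, the `OIDC_SCOPE` value is split on a single space only, so a value separated by tabs or line breaks ends up as one malformed scope token, and the `.map((s) => s.trim())` step cannot repair that. Splitting on any whitespace is shorter and covers those cases: `const scope = scopeString.split(/\s+/).filter(Boolean);`. A whitespace-only value still produces an empty array that is passed to the strategy as `scope: []`; how the library handles that is not visible here, so it would help to treat an empty result as a configuration error, or at least add a comment such as `// operator-supplied scopes; keep to the minimum claims the login flow needs`. The factory function starts and ends outside this hunk.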
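Review bot: In the `configuration.service.ts` hunk, the default `'profile'` is narrower than the `['openid', 'profile', 'email']` list this commit removes from `oidc.strategy.ts`, so deployments that do not set `OIDC_SCOPE` stop requesting the `email` scope after upgrading. If the login callback or account matching reads the email claim (not visible in this diff), that is a silent behaviour change in the authentication path. To preserve the previous request the default could be `OIDC_SCOPE: str({ default: 'openid profile email' })`, dropping `openid` only if the strategy library is confirmed to add it itself. The env schema continues outside the hunk.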