Feature: add OIDC_SCOPE configuration and update OIDC strategy to use dynamic scope

2 weeks ago · 33b55e6cea
3 changed files with 9 additions and 2 deletions
--- a/apps/api/src/app/auth/auth.module.ts
+++ b/apps/api/src/app/auth/auth.module.ts
@ -45,12 +45,19 @@ import { OidcStrategy } from './oidc.strategy';
        configurationService: ConfigurationService
      ) => {
        const issuer = configurationService.get('OIDC_ISSUER');
+        const scopeString = configurationService.get('OIDC_SCOPE');
+        const scope = scopeString
+          .split(' ')
+          .map((s) => s.trim())
+          .filter((s) => s.length > 0);
+
        const options: any = {
          callbackURL: `${configurationService.get(
            'ROOT_URL'
          )}/api/auth/oidc/callback`,
          clientID: configurationService.get('OIDC_CLIENT_ID'),
-          clientSecret: configurationService.get('OIDC_CLIENT_SECRET')
+          clientSecret: configurationService.get('OIDC_CLIENT_SECRET'),
+          scope
        };

        if (issuer) {
--- a/apps/api/src/app/auth/oidc.strategy.ts
+++ b/apps/api/src/app/auth/oidc.strategy.ts
@ -29,7 +29,6 @@ export class OidcStrategy extends PassportStrategy(Strategy, 'oidc') {
    super({
      ...options,
      passReqToCallback: true,
-      scope: ['openid', 'profile', 'email'],
      store: OidcStrategy.stateStore
      // eslint-disable-next-line @typescript-eslint/no-explicit-any
    } as any);
--- a/apps/api/src/services/configuration/configuration.service.ts
+++ b/apps/api/src/services/configuration/configuration.service.ts
@ -62,6 +62,7 @@ export class ConfigurationService {
      OIDC_CLIENT_ID: str({ default: '' }),
      OIDC_CLIENT_SECRET: str({ default: '' }),
      OIDC_ISSUER: str({ default: '' }),
+      OIDC_SCOPE: str({ default: 'profile' }),
      OIDC_TOKEN_URL: str({ default: '' }),
      OIDC_USER_INFO_URL: str({ default: '' }),
      PORT: port({ default: DEFAULT_PORT }),