providers/proxy: return list of configured scope names so outpost requests custom scopes
closes #1762

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
parent
1e8d45dc15
commit
c98bdbacc5
|
@ -11,6 +11,7 @@ from authentik.core.api.providers import ProviderSerializer
|
||||||
from authentik.core.api.used_by import UsedByMixin
|
from authentik.core.api.used_by import UsedByMixin
|
||||||
from authentik.core.api.utils import PassiveSerializer
|
from authentik.core.api.utils import PassiveSerializer
|
||||||
from authentik.lib.utils.time import timedelta_from_string
|
from authentik.lib.utils.time import timedelta_from_string
|
||||||
|
from authentik.providers.oauth2.models import ScopeMapping
|
||||||
from authentik.providers.oauth2.views.provider import ProviderInfoView
|
from authentik.providers.oauth2.views.provider import ProviderInfoView
|
||||||
from authentik.providers.proxy.models import ProxyMode, ProxyProvider
|
from authentik.providers.proxy.models import ProxyMode, ProxyProvider
|
||||||
|
|
||||||
|
@ -110,6 +111,7 @@ class ProxyOutpostConfigSerializer(ModelSerializer):
|
||||||
|
|
||||||
oidc_configuration = SerializerMethodField()
|
oidc_configuration = SerializerMethodField()
|
||||||
token_validity = SerializerMethodField()
|
token_validity = SerializerMethodField()
|
||||||
|
scopes_to_request = SerializerMethodField()
|
||||||
|
|
||||||
@extend_schema_field(OpenIDConnectConfigurationSerializer)
|
@extend_schema_field(OpenIDConnectConfigurationSerializer)
|
||||||
def get_oidc_configuration(self, obj: ProxyProvider):
|
def get_oidc_configuration(self, obj: ProxyProvider):
|
||||||
|
@ -120,6 +122,14 @@ class ProxyOutpostConfigSerializer(ModelSerializer):
|
||||||
"""Get token validity as second count"""
|
"""Get token validity as second count"""
|
||||||
return timedelta_from_string(obj.token_validity).total_seconds()
|
return timedelta_from_string(obj.token_validity).total_seconds()
|
||||||
|
|
||||||
|
def get_scopes_to_request(self, obj: ProxyProvider) -> list[str]:
|
||||||
|
"""Get all the scope names the outpost should request,
|
||||||
|
including custom-defined ones"""
|
||||||
|
scope_names = set(
|
||||||
|
ScopeMapping.objects.filter(provider__in=[obj]).values_list("scope_name", flat=True)
|
||||||
|
)
|
||||||
|
return list(scope_names)
|
||||||
|
|
||||||
class Meta:
|
class Meta:
|
||||||
|
|
||||||
model = ProxyProvider
|
model = ProxyProvider
|
||||||
|
@ -141,6 +151,7 @@ class ProxyOutpostConfigSerializer(ModelSerializer):
|
||||||
"mode",
|
"mode",
|
||||||
"cookie_domain",
|
"cookie_domain",
|
||||||
"token_validity",
|
"token_validity",
|
||||||
|
"scopes_to_request",
|
||||||
]
|
]
|
||||||
|
|
||||||
|
|
||||||
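Review bot: `get_scopes_to_request` returns `list(scope_names)` built from a `set`, so the order of the scopes handed to the outpost varies between Python processes (string hashing is salted per process); each worker serving this endpoint can emit a differently ordered list for the same configuration, which is a nuisance for anything that compares, caches or logs the config and for test assertions. Returning `sorted(scope_names)` keeps the deduplication and makes the output deterministic: `return sorted(scope_names)`. Also note that the `openid` scope the Go side used to hard-code is now requested only if a `ScopeMapping` with that name is assigned to the provider — presumably the default mappings cover this, but a docstring line such as `Assumes an "openid" ScopeMapping is assigned; without it the outpost cannot obtain an ID token` would make the dependency explicit. The filter `provider__in=[obj]` can be the plainer `provider=obj`.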
|
|
|
@ -66,7 +66,7 @@ func NewApplication(p api.ProxyOutpostConfig, c *http.Client, cs *ak.CryptoStore
|
||||||
ClientSecret: *p.ClientSecret,
|
ClientSecret: *p.ClientSecret,
|
||||||
RedirectURL: urlJoin(p.ExternalHost, "/akprox/callback"),
|
RedirectURL: urlJoin(p.ExternalHost, "/akprox/callback"),
|
||||||
Endpoint: endpoint.Endpoint,
|
Endpoint: endpoint.Endpoint,
|
||||||
Scopes: []string{oidc.ScopeOpenID, "profile", "email", "ak_proxy"},
|
Scopes: p.ScopesToRequest,
|
||||||
}
|
}
|
||||||
mux := mux.NewRouter()
|
mux := mux.NewRouter()
|
||||||
a := &Application{
|
a := &Application{
|
||||||
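Review bot: `Scopes: p.ScopesToRequest` drops the previously fixed `oidc.ScopeOpenID` without checking that the server-provided list contains it; if the provider has no `openid` scope mapping assigned, or the list arrives empty, the outpost will start an OAuth flow without `openid` and presumably fail ID-token verification later with a hard-to-diagnose error. The list comes from the API over the network, so the outpost should not assume it is well-formed: either prepend `oidc.ScopeOpenID` when it is missing or fail fast with a clear log message before building the `oauth2.Config`. `NewApplication` starts and ends outside the hunk, so the guard below belongs just before the config literal.
```go
scopes := p.ScopesToRequest
hasOpenID := false
for _, scope := range scopes {
	if scope == oidc.ScopeOpenID {
		hasOpenID = true
		break
	}
}
if !hasOpenID {
	// openid is required for the ID token the proxy relies on; a misconfigured
	// or empty scope list from the API must not silently drop it.
	scopes = append([]string{oidc.ScopeOpenID}, scopes...)
}
// … unchanged: oauth2.Config literal (ClientID/ClientSecret/RedirectURL/Endpoint) …
Scopes: scopes,
```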
|
|
|
@ -28589,11 +28589,17 @@ components:
|
||||||
format: float
|
format: float
|
||||||
nullable: true
|
nullable: true
|
||||||
readOnly: true
|
readOnly: true
|
||||||
|
scopes_to_request:
|
||||||
|
type: array
|
||||||
|
items:
|
||||||
|
type: string
|
||||||
|
readOnly: true
|
||||||
required:
|
required:
|
||||||
- external_host
|
- external_host
|
||||||
- name
|
- name
|
||||||
- oidc_configuration
|
- oidc_configuration
|
||||||
- pk
|
- pk
|
||||||
|
- scopes_to_request
|
||||||
- token_validity
|
- token_validity
|
||||||
ProxyProvider:
|
ProxyProvider:
|
||||||
type: object
|
type: object
|
||||||
|
|