providers/proxy: return list of configured scope names so outpost requests custom scopes

closes #1762

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
This commit is contained in:
Jens Langhammer 2021-11-10 23:06:21 +01:00
parent 1e8d45dc15
commit c98bdbacc5
3 changed files with 18 additions and 1 deletions


@ -11,6 +11,7 @@ from authentik.core.api.providers import ProviderSerializer
from authentik.core.api.used_by import UsedByMixin from authentik.core.api.used_by import UsedByMixin
from authentik.core.api.utils import PassiveSerializer from authentik.core.api.utils import PassiveSerializer
from authentik.lib.utils.time import timedelta_from_string from authentik.lib.utils.time import timedelta_from_string
from authentik.providers.oauth2.models import ScopeMapping
from authentik.providers.oauth2.views.provider import ProviderInfoView from authentik.providers.oauth2.views.provider import ProviderInfoView
from authentik.providers.proxy.models import ProxyMode, ProxyProvider from authentik.providers.proxy.models import ProxyMode, ProxyProvider
@ -110,6 +111,7 @@ class ProxyOutpostConfigSerializer(ModelSerializer):
oidc_configuration = SerializerMethodField() oidc_configuration = SerializerMethodField()
token_validity = SerializerMethodField() token_validity = SerializerMethodField()
scopes_to_request = SerializerMethodField()
@extend_schema_field(OpenIDConnectConfigurationSerializer) @extend_schema_field(OpenIDConnectConfigurationSerializer)
def get_oidc_configuration(self, obj: ProxyProvider): def get_oidc_configuration(self, obj: ProxyProvider):
@ -120,6 +122,14 @@ class ProxyOutpostConfigSerializer(ModelSerializer):
"""Get token validity as second count""" """Get token validity as second count"""
return timedelta_from_string(obj.token_validity).total_seconds() return timedelta_from_string(obj.token_validity).total_seconds()
def get_scopes_to_request(self, obj: ProxyProvider) -> list[str]:
"""Get all the scope names the outpost should request,
including custom-defined ones"""
scope_names = set(
ScopeMapping.objects.filter(provider__in=[obj]).values_list("scope_name", flat=True)
)
return list(scope_names)
class Meta: class Meta:
model = ProxyProvider model = ProxyProvider
@ -141,6 +151,7 @@ class ProxyOutpostConfigSerializer(ModelSerializer):
"mode", "mode",
"cookie_domain", "cookie_domain",
"token_validity", "token_validity",
"scopes_to_request",
] ]
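Review bot: `get_scopes_to_request` builds `scope_names` as a set and returns `list(scope_names)`, so the order of scopes in the outpost config changes between calls; `return sorted(scope_names)` makes the API output stable and testable, and `provider__in=[obj]` can be the plainer `provider=obj` since only one provider is ever passed. The outpost now requests exactly this list (the Go change in this commit drops its hard-coded `openid`/`profile`/`email`/`ak_proxy` scopes), so the docstring should say that the mappings must include `openid` for the proxy's OIDC flow to keep working; whether default providers always carry that mapping is not visible here. The schema marks the field `readOnly`, which matches the `SerializerMethodField`.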


@ -66,7 +66,7 @@ func NewApplication(p api.ProxyOutpostConfig, c *http.Client, cs *ak.CryptoStore
ClientSecret: *p.ClientSecret, ClientSecret: *p.ClientSecret,
RedirectURL: urlJoin(p.ExternalHost, "/akprox/callback"), RedirectURL: urlJoin(p.ExternalHost, "/akprox/callback"),
Endpoint: endpoint.Endpoint, Endpoint: endpoint.Endpoint,
Scopes: []string{oidc.ScopeOpenID, "profile", "email", "ak_proxy"}, Scopes: p.ScopesToRequest,
} }
mux := mux.NewRouter() mux := mux.NewRouter()
a := &Application{ a := &Application{
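Review bot: `Scopes: p.ScopesToRequest` replaces a literal that always contained `oidc.ScopeOpenID`, so the request is only an OIDC request if the server-side scope mappings happen to include `openid`; an empty or `openid`-less list (a provider whose mapping was removed, or a server that does not populate the field) yields an authorization request with no usable scopes and no ID token for the proxy. Copying the list into a local and appending `oidc.ScopeOpenID` when it is absent before building the config keeps the outpost working in that case, and a comment such as `// scopes come from the provider's ScopeMappings; openid must be among them` records the dependency. NewApplication starts and continues outside the hunk.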


@ -28589,11 +28589,17 @@ components:
format: float format: float
nullable: true nullable: true
readOnly: true readOnly: true
scopes_to_request:
type: array
items:
type: string
readOnly: true
required: required:
- external_host - external_host
- name - name
- oidc_configuration - oidc_configuration
- pk - pk
- scopes_to_request
- token_validity - token_validity
ProxyProvider: ProxyProvider:
type: object type: object