providers/proxy: return list of configured scope names so outpost requests custom scopes
closes #1762 Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
parent
1e8d45dc15
commit
c98bdbacc5
|
@ -11,6 +11,7 @@ from authentik.core.api.providers import ProviderSerializer
|
|||
from authentik.core.api.used_by import UsedByMixin
|
||||
from authentik.core.api.utils import PassiveSerializer
|
||||
from authentik.lib.utils.time import timedelta_from_string
|
||||
from authentik.providers.oauth2.models import ScopeMapping
|
||||
from authentik.providers.oauth2.views.provider import ProviderInfoView
|
||||
from authentik.providers.proxy.models import ProxyMode, ProxyProvider
|
||||
|
||||
|
@ -110,6 +111,7 @@ class ProxyOutpostConfigSerializer(ModelSerializer):
|
|||
|
||||
oidc_configuration = SerializerMethodField()
|
||||
token_validity = SerializerMethodField()
|
||||
scopes_to_request = SerializerMethodField()
|
||||
|
||||
@extend_schema_field(OpenIDConnectConfigurationSerializer)
|
||||
def get_oidc_configuration(self, obj: ProxyProvider):
|
||||
|
@ -120,6 +122,14 @@ class ProxyOutpostConfigSerializer(ModelSerializer):
|
|||
"""Get token validity as second count"""
|
||||
return timedelta_from_string(obj.token_validity).total_seconds()
|
||||
|
||||
def get_scopes_to_request(self, obj: ProxyProvider) -> list[str]:
|
||||
"""Get all the scope names the outpost should request,
|
||||
including custom-defined ones"""
|
||||
scope_names = set(
|
||||
ScopeMapping.objects.filter(provider__in=[obj]).values_list("scope_name", flat=True)
|
||||
)
|
||||
return list(scope_names)
|
||||
|
||||
class Meta:
|
||||
|
||||
model = ProxyProvider
|
||||
|
@ -141,6 +151,7 @@ class ProxyOutpostConfigSerializer(ModelSerializer):
|
|||
"mode",
|
||||
"cookie_domain",
|
||||
"token_validity",
|
||||
"scopes_to_request",
|
||||
]
|
||||
|
||||
|
||||
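Review bot: `get_scopes_to_request` returns only the scope names currently mapped to the provider, so nothing guarantees that `openid` or `ak_proxy` is still in the list. The Go side of this commit drops the hard-coded list in `NewApplication`, which makes this method the only source of the outpost's scopes. A provider whose mappings were edited or removed would then produce an authorization request without the baseline scopes. The proxy presumably relies on these for its ID token and proxy claims, though that is not visible here. Keeping the baseline and making the order stable would be `return sorted(scope_names | {"openid", "ak_proxy"})`, since the `set()` round-trip currently yields an arbitrary order on each call. The docstring could also state that the list is derived from the provider's scope mappings.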
|
|
|
@ -66,7 +66,7 @@ func NewApplication(p api.ProxyOutpostConfig, c *http.Client, cs *ak.CryptoStore
|
|||
ClientSecret: *p.ClientSecret,
|
||||
RedirectURL: urlJoin(p.ExternalHost, "/akprox/callback"),
|
||||
Endpoint: endpoint.Endpoint,
|
||||
Scopes: []string{oidc.ScopeOpenID, "profile", "email", "ak_proxy"},
|
||||
Scopes: p.ScopesToRequest,
|
||||
}
|
||||
mux := mux.NewRouter()
|
||||
a := &Application{
|
||||
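Review bot: `Scopes: p.ScopesToRequest` is used without checking that the slice is non-empty, so an empty or nil value yields an OAuth2 config with no scopes at all. That could plausibly happen when the outpost talks to a core that does not yet send the field, although how the generated client treats a missing required field is not visible here. A consumer-side fallback keeps the previous behaviour in that case: `scopes := p.ScopesToRequest; if len(scopes) == 0 { scopes = []string{oidc.ScopeOpenID, "profile", "email", "ak_proxy"} }`, then `Scopes: scopes`. The body of `NewApplication` starts and ends outside this hunk, so the fallback would go before the config literal.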
|
|
|
@ -28589,11 +28589,17 @@ components:
|
|||
format: float
|
||||
nullable: true
|
||||
readOnly: true
|
||||
scopes_to_request:
|
||||
type: array
|
||||
items:
|
||||
type: string
|
||||
readOnly: true
|
||||
required:
|
||||
- external_host
|
||||
- name
|
||||
- oidc_configuration
|
||||
- pk
|
||||
- scopes_to_request
|
||||
- token_validity
|
||||
ProxyProvider:
|
||||
type: object
|
||||
|
|