providers/proxy: set default scopes based on managed attribute

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2022-07-01 18:26:49 +02:00 · 2022-07-01 18:26:49 +02:00 · d11ce0a86e
parent 766ceda57a
commit d11ce0a86e
1 changed files with 5 additions and 10 deletions
--- a/authentik/providers/proxy/models.py
+++ b/authentik/providers/proxy/models.py
@ -11,11 +11,6 @@ from rest_framework.serializers import Serializer
 from authentik.crypto.models import CertificateKeyPair
 from authentik.lib.models import DomainlessURLValidator
 from authentik.outposts.models import OutpostModel
 from authentik.providers.oauth2.constants import (
    SCOPE_OPENID,
    SCOPE_OPENID_EMAIL,
    SCOPE_OPENID_PROFILE,
 )
 from authentik.providers.oauth2.models import ClientTypes, OAuth2Provider, ScopeMapping
 SCOPE_AK_PROXY = "ak_proxy"
@ -125,11 +120,11 @@ class ProxyProvider(OutpostModel, OAuth2Provider):
        self.client_type = ClientTypes.CONFIDENTIAL
        self.signing_key = None
        scopes = ScopeMapping.objects.filter(
-            scope_name__in=[
+            managed__in=[
-                SCOPE_OPENID,
+                "goauthentik.io/providers/oauth2/scope-openid",
-                SCOPE_OPENID_PROFILE,
+                "goauthentik.io/providers/oauth2/scope-profile",
-                SCOPE_OPENID_EMAIL,
+                "goauthentik.io/providers/oauth2/scope-email",
-                SCOPE_AK_PROXY,
+                "goauthentik.io/providers/proxy/scope-proxy",
            ]
        )
        self.property_mappings.add(*list(scopes))