providers/oauth2: add scopes_supported to discovery endpoint

2020-12-26 21:18:16 +01:00 · 2020-12-26 21:18:16 +01:00 · f17d809219
parent 6c8e9fb553
commit f17d809219
1 changed files with 5 additions and 1 deletions
--- a/authentik/providers/oauth2/views/provider.py
+++ b/authentik/providers/oauth2/views/provider.py
@ -7,7 +7,7 @@ from django.views import View
 from structlog import get_logger

 from authentik.core.models import Application
-from authentik.providers.oauth2.constants import ACR_AUTHENTIK_DEFAULT
+from authentik.providers.oauth2.constants import ACR_AUTHENTIK_DEFAULT, SCOPE_OPENID
 from authentik.providers.oauth2.models import OAuth2Provider

 LOGGER = get_logger()
@ -56,6 +56,10 @@ class ProviderInfoView(View):
                "client_secret_basic",
            ],
            "acr_values_supported": [ACR_AUTHENTIK_DEFAULT],
+            "scopes_supported": [
+                # We only advertise the 'openid' scope, as the rest vary depending on application
+                SCOPE_OPENID,
+            ],
        }

    # pylint: disable=unused-argument