Merge pull request #2931 from coreos-inc/joseph.schorr/QS-76/oidc-scopes

Allow admins to configure the login scopes for OIDC login
2017-12-08 13:33:06 -05:00 · 2017-12-08 13:33:06 -05:00 · 44c77b4cbb
commit 44c77b4cbb
parent c733c87312 c55ad59f1f
3 changed files with 35 additions and 4 deletions
--- a/static/directives/config/config-setup-tool.html
+++ b/static/directives/config/config-setup-tool.html
@ -1172,6 +1172,17 @@
                  </div>
                </td>
              </tr>
+              <tr>
+                <td>Login Scopes:</td>
+                <td>
+                  <span class="config-list-field" item-title="Login Scope" binding="config[provider].LOGIN_SCOPES"></span>
+                  <div class="help-text">
+                    If specified, the scopes to send to the OIDC provider when performing the login flow. Note that, <strong>if specified</strong>, these scopes will
+                    <strong>override</strong> those set by default, so this list <strong>must</strong> include a scope for OpenID Connect
+                    (typically the <code>openid</code> scope) or this provider will fail.
+                  </div>
+                </td>
+              </tr>
            </table>
            <div>
              <h4>Callback URLs for this service:</h4>