Allow admins to configure the login scopes for OIDC login

Some OIDC implementations return a larger set of scopes than is necessary, so we allow admins to override.
2017-12-05 10:59:04 -05:00 · 2017-12-05 10:59:04 -05:00 · c55ad59f1f
commit c55ad59f1f
parent 4a5626e64b
3 changed files with 35 additions and 4 deletions
--- a/static/directives/config/config-setup-tool.html
+++ b/static/directives/config/config-setup-tool.html
@ -1172,6 +1172,17 @@
                  </div>
                </td>
              </tr>
+              <tr>
+                <td>Login Scopes:</td>
+                <td>
+                  <span class="config-list-field" item-title="Login Scope" binding="config[provider].LOGIN_SCOPES"></span>
+                  <div class="help-text">
+                    If specified, the scopes to send to the OIDC provider when performing the login flow. Note that, <strong>if specified</strong>, these scopes will
+                    <strong>override</strong> those set by default, so this list <strong>must</strong> include a scope for OpenID Connect
+                    (typically the <code>openid</code> scope) or this provider will fail.
+                  </div>
+                </td>
+              </tr>
            </table>
            <div>
              <h4>Callback URLs for this service:</h4>