feat: OIDC: add the ability to override the requested scopes (#4530)

Carter
2024-11-09 10:52:12 -06:00
committed by GitHub
parent 8ce6f9038a
commit 6bc7ada20a
4 changed files with 42 additions and 36 deletions


@@ -333,6 +333,7 @@ class AppSettings(AppLoggingSettings):
OIDC_REMEMBER_ME: bool = False
OIDC_USER_CLAIM: str = "email"
OIDC_GROUPS_CLAIM: str | None = "groups"
OIDC_SCOPES_OVERRIDE: str | None = None
OIDC_TLS_CACERTFILE: str | None = None
@property
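Review bot: The new `OIDC_SCOPES_OVERRIDE` field carries no comment describing its format or the fact that it replaces the default scope list entirely rather than extending it, which is the single most likely misconfiguration for an operator. The same hunk already documents nothing for the neighbouring OIDC settings, so a short inline comment is enough: `# Space-separated scope list; when set it REPLACES "openid email profile <groups>" wholesale, so it must still include "openid"`. The enclosing `AppSettings` class starts and ends outside this hunk.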


@@ -28,8 +28,12 @@ remember_me_duration = timedelta(days=14)
settings = get_app_settings()
if settings.OIDC_READY:
oauth = OAuth()
groups_claim = settings.OIDC_GROUPS_CLAIM if settings.OIDC_REQUIRES_GROUP_CLAIM else ""
scope = f"openid email profile {groups_claim}"
scope = None
if settings.OIDC_SCOPES_OVERRIDE:
scope = settings.OIDC_SCOPES_OVERRIDE
else:
groups_claim = settings.OIDC_GROUPS_CLAIM if settings.OIDC_REQUIRES_GROUP_CLAIM else ""
scope = f"openid email profile {groups_claim}"
client_args = {"scope": scope.rstrip()}
if settings.OIDC_TLS_CACERTFILE:
client_args["verify"] = settings.OIDC_TLS_CACERTFILE
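Review bot: The override branch passes `settings.OIDC_SCOPES_OVERRIDE` to the client verbatim, so an override that omits `openid` yields a non-OIDC OAuth flow with no id_token, and one that omits the scope delivering `OIDC_GROUPS_CLAIM` while `OIDC_REQUIRES_GROUP_CLAIM` is set silently bypasses the `groups_claim` wiring that the else-branch preserves; nothing in the hunk checks for either case. A minimal guard after the branches would catch the first at startup, e.g. `if "openid" not in scope.split(): raise ValueError("OIDC_SCOPES_OVERRIDE must include the 'openid' scope")`, and the second deserves at least a logged warning if a logger is available in this module (not visible in the hunk). As a style point, the `scope = None` pre-assignment is dead since both branches assign `scope`; it can be dropped. The enclosing `if settings.OIDC_READY:` block continues past the end of the hunk.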