🔀 Merge pull request #1641 from nOw-Ay/master

 🔧 add OIDC scope option

docs/authentication.md

@@ -285,6 +285,7 @@ appConfig:
     oidc:
       clientId: [registered client id]
       endpoint: [OIDC endpoint]
+      scope: [The scope(s) to request from the OIDC provider]
 ```
 
 Because Dashy is a SPA, a [public client](https://datatracker.ietf.org/doc/html/rfc6749#section-2.1) registration with PKCE is needed.

docs/configuring.md

@@ -202,6 +202,7 @@ For more info, see the **[Authentication Docs](/docs/authentication.md)**
 --- | --- | --- | ---
 **`clientId`** | `string` | Required | The client id registered in the OIDC server
 **`endpoint`** | `string` | Required | The URL of the OIDC server that should be used.
+**`scope`** | `string` | Required | The scope(s) to request from the OIDC provider
 
 **[⬆️ Back to Top](#configuring)**
 

src/utils/ConfigSchema.json

@@ -565,7 +565,12 @@
                   "title": "OIDC Client Id",
                   "type": "string",
                   "description": "ClientId from OIDC provider"
-                }
+                },
+                "scope" : {
+                    "title": "OIDC Scope",
+                    "type": "string",
+                    "description": "The scope(s) to request from the OIDC provider"
+                  }
               }
             },
             "enableHeaderAuth": {

src/utils/OidcAuth.js

@@ -13,14 +13,14 @@ const getAppConfig = () => {
 class OidcAuth {
   constructor() {
     const { auth } = getAppConfig();
-    const { clientId, endpoint } = auth.oidc;
+    const { clientId, endpoint, scope } = auth.oidc;
     const settings = {
       userStore: new WebStorageStateStore({ store: window.localStorage }),
       authority: endpoint,
       client_id: clientId,
       redirect_uri: `${window.location.origin}`,
       response_type: 'code',
-      scope: 'openid profile email roles groups',
+      scope: scope || 'openid profile email roles groups',
       response_mode: 'query',
       filterProtocolClaims: true,
     };