0001-idp_oidc-add-setting-for-list-of-scopes-fixes-15611.patch
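--- a/src/authentic2_idp_oidc/app_settings.py
+++ b/src/authentic2_idp_oidc/app_settings.py
@@ -22,6 +22,10 @@
 def JWKSET(self):
 return self._setting('JWKSET', [])
 
+@property
+def SCOPES(self):
+return self._setting('SCOPES', [])
+
 import sys
 
 app_settings = AppSettings('A2_IDP_OIDC_')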
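Review bot: The new `SCOPES` property is undocumented and its value is never type-checked, which matters because views.py feeds it to `set(...)` and `','.join(...)`. A deployment that sets it to a single string instead of a list would silently get a set of individual characters as the allowed scopes. I would add a comment above the property, `# Scopes accepted by the authorization endpoint; an empty list means the built-in openid/email/profile default`, and reject non-list values where the setting is read. The enclosing class starts outside this section.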
src/authentic2_idp_oidc/views.py | ||
---|---|---|
136 | 136 |
error_description='openid scope is missing', |
137 | 137 |
state=state, |
138 | 138 |
fragment=fragment) |
139 |
if not (scopes <= set(['openid', 'profile', 'email'])): |
|
139 |
allowed_scopes = app_settings.SCOPES or ['openid', 'email', 'profile'] |
|
140 |
if not (scopes <= set(allowed_scopes)): |
|
140 | 141 |
return authorization_error(request, redirect_uri, 'invalid_scope', |
141 |
error_description='only openid, profile and email scopes are '
|
|
142 |
'supported',
|
|
142 |
error_description='only %s scopes are '
|
|
143 |
'supported %s' % (','.join(allowed_scopes), scopes),
|
|
143 | 144 |
state=state, |
144 | 145 |
fragment=fragment) |
145 | 146 | |
146 |
- |
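Review bot: The new error_description interpolates the request-supplied `scopes` set into the message (`'supported %s' % (','.join(allowed_scopes), scopes)`), so client-controlled text is reflected into the error response, and as a set repr rather than a readable list. RFC 6749 limits error_description to printable ASCII without `"` or `\`, which a repr of arbitrary input can violate; whether authorization_error encodes the value is not visible here. I would drop the request value and keep `error_description='only %s scopes are supported' % ', '.join(allowed_scopes),`, logging the rejected scopes server-side if they are needed for debugging. The `'openid scope is missing'` check above still applies, so a configured SCOPES list without `openid` would reject every request. The enclosing view starts and ends outside this section.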