From 56c6a9f8fe522344c585d9802f3f4e2830b12140 Mon Sep 17 00:00:00 2001
From: yusing
Date: Sat, 26 Apr 2025 03:31:44 +0800
Subject: [PATCH] chore: add `groups` scope to default OIDC scopes
---
 .env.example | 3 +--
 internal/common/env.go | 2 +-
 2 files changed, 2 insertions(+), 3 deletions(-)
diff --git a/.env.example b/.env.example
index 770dc99..fff8812 100644
--- a/.env.example
+++ b/.env.example
@@ -16,12 +16,11 @@ GODOXY_API_PASSWORD=password
 # OIDC Configuration (optional)
 # Uncomment and configure these values to enable OIDC authentication.
-# For `GODOXY_OIDC_SCOPES` you may also include `offline_access` if your Idp supports it (e.g. Authentik)
 #
 # GODOXY_OIDC_ISSUER_URL=https://accounts.google.com
 # GODOXY_OIDC_CLIENT_ID=your-client-id
 # GODOXY_OIDC_CLIENT_SECRET=your-client-secret
-# GODOXY_OIDC_SCOPES=openid, profile, email
+# GODOXY_OIDC_SCOPES=openid, profile, email, groups # you may also include `offline_access` if your Idp supports it (e.g. Authentik, Pocket ID)
 #
 # User definitions: Uncomment and configure these values to restrict access to specific users or groups.
 # These two fields act as a logical AND operator. For example, given the following membership:
diff --git a/internal/common/env.go b/internal/common/env.go
index 4b05841..73df195 100644
--- a/internal/common/env.go
+++ b/internal/common/env.go
@@ -48,7 +48,7 @@ var (
 OIDCIssuerURL = GetEnvString("OIDC_ISSUER_URL", "")
 OIDCClientID = GetEnvString("OIDC_CLIENT_ID", "")
 OIDCClientSecret = GetEnvString("OIDC_CLIENT_SECRET", "")
- OIDCScopes = GetCommaSepEnv("OIDC_SCOPES", "openid, profile, email")
+ OIDCScopes = GetCommaSepEnv("OIDC_SCOPES", "openid, profile, email, groups")
 OIDCAllowedUsers = GetCommaSepEnv("OIDC_ALLOWED_USERS", "")
 OIDCAllowedGroups = GetCommaSepEnv("OIDC_ALLOWED_GROUPS", "")
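Review bot: The new `GODOXY_OIDC_SCOPES` example in `.env.example` carries its `offline_access` hint as a trailing comment on the value line, and that hint itself contains a comma. Once the line is uncommented, an env-file loader that does not strip inline `#` comments would hand the whole tail to the comma-separated scope parsing, so fragments of the hint could end up in the scope list sent to the IdP. Keeping the hint on its own comment line avoids depending on loader behaviour: `# you may also add offline_access if your IdP supports it (e.g. Authentik, Pocket ID)` directly above `# GODOXY_OIDC_SCOPES=openid, profile, email, groups`.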
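Review bot: The new `OIDCScopes` default adds `groups`, which is not one of the scopes defined by OpenID Connect Core, and it now applies to every deployment that leaves `OIDC_SCOPES` unset. An IdP that validates scopes strictly may reject the authorization request, so logins that worked with the old default could fail after an upgrade; the example issuer in `.env.example` is a provider where this is worth testing. I would add a comment on the line such as `// "groups" is non-standard; it feeds OIDC_ALLOWED_GROUPS. Set OIDC_SCOPES explicitly if the IdP rejects it.` and mention the change in the release notes. The hunk does not show how a missing groups claim is handled when `OIDCAllowedGroups` is set; that path should deny access rather than skip the check. The `var (` block starts and ends outside the hunk.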