chore: add groups scope to default OIDC scopes

2025-07-16 02:04:04 +02:00 · 2025-04-26 03:31:44 +08:00 · 2025-04-26 03:31:44 +08:00 · 56c6a9f8fe
commit 56c6a9f8fe
parent be257b0532
2 changed files with 2 additions and 3 deletions
--- a/.env.example
+++ b/.env.example
@ -16,12 +16,11 @@ GODOXY_API_PASSWORD=password
 # OIDC Configuration (optional)
 # Uncomment and configure these values to enable OIDC authentication.
 # For `GODOXY_OIDC_SCOPES` you may also include `offline_access` if your Idp supports it (e.g. Authentik)
 #
 # GODOXY_OIDC_ISSUER_URL=https://accounts.google.com
 # GODOXY_OIDC_CLIENT_ID=your-client-id
 # GODOXY_OIDC_CLIENT_SECRET=your-client-secret
-# GODOXY_OIDC_SCOPES=openid, profile, email
+# GODOXY_OIDC_SCOPES=openid, profile, email, groups # you may also include `offline_access` if your Idp supports it (e.g. Authentik, Pocket ID)
 #
 # User definitions: Uncomment and configure these values to restrict access to specific users or groups.
 # These two fields act as a logical AND operator. For example, given the following membership:
--- a/internal/common/env.go
+++ b/internal/common/env.go
@ -48,7 +48,7 @@ var (
 	OIDCIssuerURL     = GetEnvString("OIDC_ISSUER_URL", "")
 	OIDCClientID      = GetEnvString("OIDC_CLIENT_ID", "")
 	OIDCClientSecret  = GetEnvString("OIDC_CLIENT_SECRET", "")
-	OIDCScopes        = GetCommaSepEnv("OIDC_SCOPES", "openid, profile, email")
+	OIDCScopes        = GetCommaSepEnv("OIDC_SCOPES", "openid, profile, email, groups")
 	OIDCAllowedUsers  = GetCommaSepEnv("OIDC_ALLOWED_USERS", "")
 	OIDCAllowedGroups = GetCommaSepEnv("OIDC_ALLOWED_GROUPS", "")