allow customizing OICD scopes

.env.example

@@ -20,6 +20,8 @@ GODOXY_API_PASSWORD=password
 # GODOXY_OIDC_CLIENT_SECRET=your-client-secret
 # Keep /api/auth/callback as the redirect URL, change the domain to match your setup.
 # GODOXY_OIDC_REDIRECT_URL=https://your-domain/api/auth/callback
+# Comma-separated list of scopes
+# GODOXY_OIDC_SCOPES=openid, profile, email
 
 # Proxy listening address
 GODOXY_HTTP_ADDR=:80
@@ -32,4 +34,4 @@ GODOXY_API_ADDR=127.0.0.1:8888
 #GODOXY_PROMETHEUS_ADDR=:8889
 
 # Debug mode
-GODOXY_DEBUG=false
+GODOXY_DEBUG=false

internal/api/v1/auth/oidc.go

@@ -9,6 +9,7 @@ import (
 	U "github.com/yusing/go-proxy/internal/api/v1/utils"
 	"github.com/yusing/go-proxy/internal/common"
 	E "github.com/yusing/go-proxy/internal/error"
+	"github.com/yusing/go-proxy/internal/utils/strutils"
 	"golang.org/x/oauth2"
 )
 
@@ -39,7 +40,7 @@ func InitOIDC(issuerURL, clientID, clientSecret, redirectURL string) error {
 		ClientSecret: clientSecret,
 		RedirectURL:  redirectURL,
 		Endpoint:     provider.Endpoint(),
-		Scopes:       []string{oidc.ScopeOpenID, "profile", "email"},
+		Scopes:       strutils.CommaSeperatedList(common.OIDCScopes),
 	}
 
 	return nil

internal/common/env.go

@@ -50,6 +50,7 @@ var (
 	OIDCClientID     = GetEnvString("OIDC_CLIENT_ID", "")
 	OIDCClientSecret = GetEnvString("OIDC_CLIENT_SECRET", "")
 	OIDCRedirectURL  = GetEnvString("OIDC_REDIRECT_URL", "")
+	OIDCScopes       = GetEnvString("OIDC_SCOPES", "openid, profile, email")
 )
 
 func GetEnv[T any](key string, defaultValue T, parser func(string) (T, error)) T {