Add Option to synchronize Admin & Restricted states from OIDC/OAuth2 along with Setting Scopes (#16766)

* Add setting to OAuth handlers to override local 2FA settings This PR adds a setting to OAuth and OpenID login sources to allow the source to override local 2FA requirements. Fix #13939 Signed-off-by: Andrew Thornton <art27@cantab.net> * Fix regression from #16544 Signed-off-by: Andrew Thornton <art27@cantab.net> * Add scopes settings Signed-off-by: Andrew Thornton <art27@cantab.net> * fix trace logging in auth_openid Signed-off-by: Andrew Thornton <art27@cantab.net> * add required claim options Signed-off-by: Andrew Thornton <art27@cantab.net> * Move UpdateExternalUser to externalaccount Signed-off-by: Andrew Thornton <art27@cantab.net> * Allow OAuth2/OIDC to set Admin/Restricted status Signed-off-by: Andrew Thornton <art27@cantab.net> * Allow use of the same group claim name for the prohibit login value Signed-off-by: Andrew Thornton <art27@cantab.net> * fixup! Move UpdateExternalUser to externalaccount * as per wxiaoguang Signed-off-by: Andrew Thornton <art27@cantab.net> * add label back in Signed-off-by: Andrew Thornton <art27@cantab.net> * adjust localisation Signed-off-by: Andrew Thornton <art27@cantab.net> * placate lint Signed-off-by: Andrew Thornton <art27@cantab.net> Co-authored-by: 6543 <6543@obermui.de> Co-authored-by: Lunny Xiao <xiaolunwen@gmail.com> Co-authored-by: techknowlogick <techknowlogick@gitea.io>
author: zeripath <art27@cantab.net> 2021-12-14 08:37:11 +0000
committer: GitHub <noreply@github.com> 2021-12-14 16:37:11 +0800
commit: 0981ec30c3d5218939d44fc2f40725b0b4a03684 (patch)
tree: 5479fb309f9800310cf2268d493e1cd33abfeac6 /services/auth/source/oauth2/providers_openid.go
parent: b4782e24d2821bbb5647eff2eaf5c338e92324db (diff)
download: gitea-0981ec30c3d5218939d44fc2f40725b0b4a03684.tar.gz
gitea-0981ec30c3d5218939d44fc2f40725b0b4a03684.zip
1 files changed, 6 insertions, 1 deletions
diff --git a/services/auth/source/oauth2/providers_openid.go b/services/auth/source/oauth2/providers_openid.go
index 7c3836503c..838311b4a1 100644
--- a/services/auth/source/oauth2/providers_openid.go
+++ b/services/auth/source/oauth2/providers_openid.go
@@ -33,7 +33,12 @@ func (o *OpenIDProvider) Image() string {
 
 // CreateGothProvider creates a GothProvider from this Provider
 func (o *OpenIDProvider) CreateGothProvider(providerName, callbackURL string, source *Source) (goth.Provider, error) {
-	provider, err := openidConnect.New(source.ClientID, source.ClientSecret, callbackURL, source.OpenIDConnectAutoDiscoveryURL, setting.OAuth2Client.OpenIDConnectScopes...)
+	scopes := setting.OAuth2Client.OpenIDConnectScopes
+	if len(scopes) == 0 {
+		scopes = append(scopes, source.Scopes...)
+	}
+
+	provider, err := openidConnect.New(source.ClientID, source.ClientSecret, callbackURL, source.OpenIDConnectAutoDiscoveryURL, scopes...)
 	if err != nil {
 		log.Warn("Failed to create OpenID Connect Provider with name '%s' with url '%s': %v", providerName, source.OpenIDConnectAutoDiscoveryURL, err)
 	}
author	zeripath <art27@cantab.net>	2021-12-14 08:37:11 +0000
committer	GitHub <noreply@github.com>	2021-12-14 16:37:11 +0800
commit	0981ec30c3d5218939d44fc2f40725b0b4a03684 (patch)
tree	5479fb309f9800310cf2268d493e1cd33abfeac6 /services/auth/source/oauth2/providers_openid.go
parent	b4782e24d2821bbb5647eff2eaf5c338e92324db (diff)
download	gitea-0981ec30c3d5218939d44fc2f40725b0b4a03684.tar.gz gitea-0981ec30c3d5218939d44fc2f40725b0b4a03684.zip