-rw-r--r--docs/configuration.md3
-rw-r--r--lib/config/default.js3
-rw-r--r--lib/config/environment.js3
-rw-r--r--lib/config/hackmdEnvironment.js3
-rw-r--r--lib/web/auth/oauth2/index.js3
5 files changed, 10 insertions, 5 deletions
diff --git a/docs/configuration.md b/docs/configuration.md
index 20f853de..aa6b5191 100644
--- a/docs/configuration.md
+++ b/docs/configuration.md
@@ -181,7 +181,7 @@ these are rarely used for various reasons.
| config file | environment | example value | description |
| ----------- | ------------------------------------------- | ------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- | -------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- |
-| `oauth2` | | `{baseURL: ..., userProfileURL: ..., userProfileUsernameAttr: ..., userProfileDisplayNameAttr: ..., userProfileEmailAttr: ..., tokenURL: ..., authorizationURL: ..., clientID: ..., clientSecret: ...}` | An object detailing your OAuth2 provider. Refer to the [Mattermost](guides/auth/mattermost-self-hosted.md) or [Nextcloud](guides/auth/nextcloud.md) examples for more details! |
+| `oauth2` | | `{baseURL: ..., userProfileURL: ..., userProfileUsernameAttr: ..., userProfileDisplayNameAttr: ..., userProfileEmailAttr: ..., tokenURL: ..., authorizationURL: ..., clientID: ..., clientSecret: ..., scope: ...}` | An object detailing your OAuth2 provider. Refer to the [Mattermost](guides/auth/mattermost-self-hosted.md) or [Nextcloud](guides/auth/nextcloud.md) examples for more details! |
| | `CMD_OAUTH2_USER_PROFILE_URL` | `https://example.com` | Where to retrieve information about a user after successful login. Needs to output JSON. (no default value) Refer to the [Mattermost](guides/auth/mattermost-self-hosted.md) or [Nextcloud](guides/auth/nextcloud.md) examples for more details on all of the `CMD_OAUTH2...` options. |
| | `CMD_OAUTH2_USER_PROFILE_USERNAME_ATTR` | `name` | where to find the username in the JSON from the user profile URL. (no default value) |
| | `CMD_OAUTH2_USER_PROFILE_DISPLAY_NAME_ATTR` | `display-name` | where to find the display-name in the JSON from the user profile URL. (no default value) |
@@ -191,6 +191,7 @@ these are rarely used for various reasons.
| | `CMD_OAUTH2_CLIENT_ID` | `afae02fckafd...` | you will get this from your OAuth2 provider when you register CodiMD as OAuth2-client, (no default value) |
| | `CMD_OAUTH2_CLIENT_SECRET` | `afae02fckafd...` | you will get this from your OAuth2 provider when you register CodiMD as OAuth2-client, (no default value) |
| | `CMD_OAUTH2_PROVIDERNAME` | `My institution` | Optional name to be displayed at login form indicating the oAuth2 provider |
+| | `CMD_OAUTH2_SCOPE` | `openid email profile` | Scope to request for OIDC (OpenID Connect) providers. |
### SAML Login
diff --git a/lib/config/default.js b/lib/config/default.js
index 7504fda2..9b852d1e 100644
--- a/lib/config/default.js
+++ b/lib/config/default.js
@@ -91,7 +91,8 @@ module.exports = {
authorizationURL: undefined,
tokenURL: undefined,
clientID: undefined,
- clientSecret: undefined
+ clientSecret: undefined,
+ scope: undefined
},
facebook: {
clientID: undefined,
diff --git a/lib/config/environment.js b/lib/config/environment.js
index 219be499..87a7e3ee 100644
--- a/lib/config/environment.js
+++ b/lib/config/environment.js
@@ -92,7 +92,8 @@ module.exports = {
tokenURL: process.env.CMD_OAUTH2_TOKEN_URL,
authorizationURL: process.env.CMD_OAUTH2_AUTHORIZATION_URL,
clientID: process.env.CMD_OAUTH2_CLIENT_ID,
- clientSecret: process.env.CMD_OAUTH2_CLIENT_SECRET
+ clientSecret: process.env.CMD_OAUTH2_CLIENT_SECRET,
+ scope: process.env.CMD_OAUTH2_SCOPE
},
dropbox: {
clientID: process.env.CMD_DROPBOX_CLIENTID,
diff --git a/lib/config/hackmdEnvironment.js b/lib/config/hackmdEnvironment.js
index dcfda0bc..d4ae77f0 100644
--- a/lib/config/hackmdEnvironment.js
+++ b/lib/config/hackmdEnvironment.js
@@ -81,7 +81,8 @@ module.exports = {
tokenURL: process.env.HMD_OAUTH2_TOKEN_URL,
authorizationURL: process.env.HMD_OAUTH2_AUTHORIZATION_URL,
clientID: process.env.HMD_OAUTH2_CLIENT_ID,
- clientSecret: process.env.HMD_OAUTH2_CLIENT_SECRET
+ clientSecret: process.env.HMD_OAUTH2_CLIENT_SECRET,
+ scope: process.env.HMD_OAUTH2_SCOPE
},
dropbox: {
clientID: process.env.HMD_DROPBOX_CLIENTID,
diff --git a/lib/web/auth/oauth2/index.js b/lib/web/auth/oauth2/index.js
index 2bd73196..1865ad54 100644
--- a/lib/web/auth/oauth2/index.js
+++ b/lib/web/auth/oauth2/index.js
@@ -89,7 +89,8 @@ passport.use(new OAuth2CustomStrategy({
clientID: config.oauth2.clientID,
clientSecret: config.oauth2.clientSecret,
callbackURL: config.serverURL + '/auth/oauth2/callback',
- userProfileURL: config.oauth2.userProfileURL
+ userProfileURL: config.oauth2.userProfileURL,
+ scope: config.oauth2.scope
}, passportGeneralCallback))
oauth2Auth.get('/auth/oauth2', function (req, res, next) {
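Review bot: The new `scope: config.oauth2.scope` line forwards the operator-supplied value to the strategy unchanged, and nothing in the code records what format it should have or how narrow it should be. The profile is still fetched from `userProfileURL` and mapped through the `userProfile*Attr` settings, so the scope must cover those attributes and should not ask for more. A comment above the line would capture this, for example `// space-separated scopes from operator config; request only what userProfileURL needs (e.g. "openid email profile")`. When the setting is unset the option is passed as `undefined`, which presumably makes the strategy omit the `scope` parameter as before; this should be confirmed against `OAuth2CustomStrategy`, whose definition is not visible here. The `passport.use(...)` call begins above this hunk, so the remaining strategy options cannot be reviewed from this page.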