From 81d96394b9ad52189cd61da930aa8b5795373607 Mon Sep 17 00:00:00 2001
From: yusing
Date: Mon, 13 Jan 2025 08:30:46 +0800
Subject: [PATCH] allow customizing OICD scopes
---
 .env.example | 4 +++-
 internal/api/v1/auth/oidc.go | 3 ++-
 internal/common/env.go | 1 +
 3 files changed, 6 insertions(+), 2 deletions(-)
diff --git a/.env.example b/.env.example
index 69972748..19d7c249 100644
--- a/.env.example
+++ b/.env.example
@@ -20,6 +20,8 @@ GODOXY_API_PASSWORD=password
 # GODOXY_OIDC_CLIENT_SECRET=your-client-secret
 # Keep /api/auth/callback as the redirect URL, change the domain to match your setup.
 # GODOXY_OIDC_REDIRECT_URL=https://your-domain/api/auth/callback
+# Comma-separated list of scopes
+# GODOXY_OIDC_SCOPES=openid, profile, email
 # Proxy listening address
 GODOXY_HTTP_ADDR=:80
@@ -32,4 +34,4 @@ GODOXY_API_ADDR=127.0.0.1:8888
 #GODOXY_PROMETHEUS_ADDR=:8889
 # Debug mode
-GODOXY_DEBUG=false
+GODOXY_DEBUG=false
\ No newline at end of file
diff --git a/internal/api/v1/auth/oidc.go b/internal/api/v1/auth/oidc.go
index d5cffff5..3b1886ae 100644
--- a/internal/api/v1/auth/oidc.go
+++ b/internal/api/v1/auth/oidc.go
@@ -9,6 +9,7 @@ import (
 U "github.com/yusing/go-proxy/internal/api/v1/utils"
 "github.com/yusing/go-proxy/internal/common"
 E "github.com/yusing/go-proxy/internal/error"
+ "github.com/yusing/go-proxy/internal/utils/strutils"
 "golang.org/x/oauth2"
 )
@@ -39,7 +40,7 @@ func InitOIDC(issuerURL, clientID, clientSecret, redirectURL string) error {
 ClientSecret: clientSecret,
 RedirectURL: redirectURL,
 Endpoint: provider.Endpoint(),
- Scopes: []string{oidc.ScopeOpenID, "profile", "email"},
+ Scopes: strutils.CommaSeperatedList(common.OIDCScopes),
 }
 return nil
diff --git a/internal/common/env.go b/internal/common/env.go
index 97eff076..b8f9a09a 100644
--- a/internal/common/env.go
+++ b/internal/common/env.go
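Review bot: In `internal/api/v1/auth/oidc.go`, the new `Scopes:` line in `InitOIDC` passes the operator-supplied `GODOXY_OIDC_SCOPES` list through unchecked, so a value that omits `openid` is accepted at startup. Without that scope the provider need not return an ID token and the failure would only surface at login time; I would build the list first and keep the scope in it, e.g. `if !slices.Contains(scopes, oidc.ScopeOpenID) { scopes = append(scopes, oidc.ScopeOpenID) }` (needs the `slices` import), or return an error from `InitOIDC` instead. The default `openid, profile, email` also depends on `strutils.CommaSeperatedList` trimming the space after each comma; that helper is not shown here, so this is worth confirming. `InitOIDC` starts above and continues below this hunk, and the `OIDCScopes` default in `internal/common/env.go` is where the value originates.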
@@ -50,6 +50,7 @@ var (
 OIDCClientID = GetEnvString("OIDC_CLIENT_ID", "")
 OIDCClientSecret = GetEnvString("OIDC_CLIENT_SECRET", "")
 OIDCRedirectURL = GetEnvString("OIDC_REDIRECT_URL", "")
+ OIDCScopes = GetEnvString("OIDC_SCOPES", "openid, profile, email")
 )
 func GetEnv[T any](key string, defaultValue T, parser func(string) (T, error)) T {