Merge pull request #12 from sevenwestmedia-labs/feature/EDIT-1320_exp…

…and-oidc-scope EDIT-1320: Expand OIDC scope
sevenwestmedia-labs · Aug 17, 2024 · b890e33 · b890e33
2 parents 6306c9c + 8506f31
commit b890e33
Show file tree

Hide file tree

Showing 3 changed files with 23 additions and 13 deletions.
diff --git a/.changeset/wild-eyes-smash.md b/.changeset/wild-eyes-smash.md
@@ -0,0 +1,5 @@
+---
+'@wanews/lambda-edge-openid-auth': patch
+---
+
+Update oidc request scope
diff --git a/src/lib/config.ts b/src/lib/config.ts
@@ -13,6 +13,7 @@ export interface RawIdp {
 export interface RawConfig {
     unauthenticatedPaths: string[]
     idps: RawIdp[]
+    scope?: string
 }
 
 export interface Idp {
@@ -33,6 +34,7 @@ export interface Config {
     publicUrl: string
     domain: string
     redirectUri: string
+    scope: string | undefined
     postLogoutRedirectUri: string
 }
 
@@ -54,19 +56,22 @@ export async function getConfig(
             publicUrl,
             domain: request.headers.host[0].value,
             redirectUri: `${publicUrl}${callbackPath}`,
+            scope: rawConfig.scope,
             postLogoutRedirectUri: `${publicUrl}${logoutCompletePath}`,
         },
-        idps: await Promise.all(rawConfig.idps.map(
-            async ({ clientId, clientSecret, name, props }) => {
-                const { discoveryDoc, jwks } = await providerMetadata(props)
-                return {
-                    discoveryDoc,
-                    jwks,
-                    name,
-                    clientId,
-                    clientSecret,
-                }
-            },
-        )),
+        idps: await Promise.all(
+            rawConfig.idps.map(
+                async ({ clientId, clientSecret, name, props }) => {
+                    const { discoveryDoc, jwks } = await providerMetadata(props)
+                    return {
+                        discoveryDoc,
+                        jwks,
+                        name,
+                        clientId,
+                        clientSecret,
+                    }
+                },
+            ),
+        ),
     }
 }
diff --git a/src/lib/handlers/redirect.ts b/src/lib/handlers/redirect.ts
@@ -16,7 +16,7 @@ export function redirect(
         redirect_uri: config.redirectUri,
         response_type: 'code',
         response_mode: 'query',
-        scope: 'openid offline_access',
+        scope: config.scope || 'openid offline_access',
         nonce: n[0],
         state: queryDict.next || '/',
         client_id: idpConfig.clientId,