Add all supported scopes from discovery doc (#9015)

Fixes #9010
5 years ago · 852fb320f7
parent 8fb37a8417
commit 852fb320f7
6 changed files with 40 additions and 39 deletions
--- a/browser/app/js/browser/Login.js
+++ b/browser/app/js/browser/Login.js
@ -148,7 +148,8 @@ export class Login extends React.Component {
                  <OpenIDLoginButton
                    className="btn openid-btn"
                    clientId={this.state.clientId}
-                    authorizationEndpoint={this.state.discoveryDoc.authorization_endpoint}
+                    authEp={this.state.discoveryDoc.authorization_endpoint}
+                    authScopes={this.state.discoveryDoc.scopes_supported}
                  >
                    Log in with OpenID
                  </OpenIDLoginButton>
--- a/browser/app/js/browser/OpenIDLogin.js
+++ b/browser/app/js/browser/OpenIDLogin.js
@ -66,6 +66,7 @@ export class OpenIDLogin extends React.Component {

      const authURL = buildOpenIDAuthURL(
        this.state.discoveryDoc.authorization_endpoint,
+        this.state.discoveryDoc.scopes_supported,
        redirectURI,
        this.state.clientID,
        nonce
--- a/browser/app/js/browser/OpenIDLoginButton.js
+++ b/browser/app/js/browser/OpenIDLoginButton.js
@ -27,7 +27,7 @@ export class OpenIDLoginButton extends React.Component {

  handleClick(event) {
    event.stopPropagation()
-    const { authorizationEndpoint, clientId } = this.props
+    const { authEp, authScopes, clientId } = this.props

    let redirectURI = window.location.href.split("#")[0]
    if (redirectURI.endsWith('/')) {
@ -40,7 +40,7 @@ export class OpenIDLoginButton extends React.Component {
    const nonce = getRandomString(16)
    storage.setItem(OPEN_ID_NONCE_KEY, nonce)

-    const authURL = buildOpenIDAuthURL(authorizationEndpoint, redirectURI, clientId, nonce)
+    const authURL = buildOpenIDAuthURL(authEp, authScopes, redirectURI, clientId, nonce)
    window.location = authURL
  }

--- a/browser/app/js/browser/utils.js
+++ b/browser/app/js/browser/utils.js
@ -16,14 +16,13 @@

 export const OPEN_ID_NONCE_KEY = 'openIDKey'

-export const buildOpenIDAuthURL = (authorizationEndpoint, redirectURI, clientID, nonce) => {
+export const buildOpenIDAuthURL = (authEp, authScopes, redirectURI, clientID, nonce) => {
  const params = new URLSearchParams()
  params.set("response_type", "id_token")
-  params.set("scope", "openid")
+  params.set("scope", authScopes.join(" "))
  params.set("client_id", clientID)
  params.set("redirect_uri", redirectURI)
  params.set("nonce", nonce)

-  return `${authorizationEndpoint}?${params.toString()}`
+  return `${authEp}?${params.toString()}`
 }
-
--- a/browser/ui-assets.go
+++ b/browser/ui-assets.go
--- a/docs/sts/web-identity.go
+++ b/docs/sts/web-identity.go
@ -157,7 +157,7 @@ func main() {
 			TokenURL: ddoc.TokenEndpoint,
 		},
 		RedirectURL: fmt.Sprintf("http://localhost:%d/oauth2/callback", port),
-		Scopes:      []string{"openid"},
+		Scopes:      ddoc.ScopesSupported,
 	}

 	state := randomState()