providers/proxy: set default scopes based on managed attribute

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
Jens Langhammer 2022-07-01 18:26:49 +02:00
parent 766ceda57a
commit d11ce0a86e


@ -11,11 +11,6 @@ from rest_framework.serializers import Serializer
from authentik.crypto.models import CertificateKeyPair from authentik.crypto.models import CertificateKeyPair
from authentik.lib.models import DomainlessURLValidator from authentik.lib.models import DomainlessURLValidator
from authentik.outposts.models import OutpostModel from authentik.outposts.models import OutpostModel
from authentik.providers.oauth2.constants import (
SCOPE_OPENID,
SCOPE_OPENID_EMAIL,
SCOPE_OPENID_PROFILE,
)
from authentik.providers.oauth2.models import ClientTypes, OAuth2Provider, ScopeMapping from authentik.providers.oauth2.models import ClientTypes, OAuth2Provider, ScopeMapping
SCOPE_AK_PROXY = "ak_proxy" SCOPE_AK_PROXY = "ak_proxy"
@ -125,11 +120,11 @@ class ProxyProvider(OutpostModel, OAuth2Provider):
self.client_type = ClientTypes.CONFIDENTIAL self.client_type = ClientTypes.CONFIDENTIAL
self.signing_key = None self.signing_key = None
scopes = ScopeMapping.objects.filter( scopes = ScopeMapping.objects.filter(
scope_name__in=[ managed__in=[
SCOPE_OPENID, "goauthentik.io/providers/oauth2/scope-openid",
SCOPE_OPENID_PROFILE, "goauthentik.io/providers/oauth2/scope-profile",
SCOPE_OPENID_EMAIL, "goauthentik.io/providers/oauth2/scope-email",
SCOPE_AK_PROXY, "goauthentik.io/providers/proxy/scope-proxy",
] ]
) )
self.property_mappings.add(*list(scopes)) self.property_mappings.add(*list(scopes))
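Review bot: The `ScopeMapping.objects.filter(managed__in=[...])` call succeeds even when one of the four managed objects is missing or has been renamed, so the provider can end up with an incomplete set of scope mappings and nothing reports it. Keying on `managed` instead of `scope_name` looks like the safer choice, since `scope_name` is presumably editable on custom mappings, but the result should be verified: compare `scopes.count()` with the number of requested identifiers and log a warning naming the missing ones. The identifiers are also bare string literals; hoisting them into a module-level tuple next to `SCOPE_AK_PROXY`, with a comment such as `# managed identifiers of the default scope mappings attached to every proxy provider`, would keep a typo from silently dropping a scope. The enclosing method starts outside the hunk, so any existing handling of previously attached mappings is not visible here.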