providers/oauth2: don't handle api scope as special scope (#9910)

* providers/oauth2: don't handle api scope as special scope Signed-off-by: Jens Langhammer <jens@goauthentik.io> * make default scope selection less magic Signed-off-by: Jens Langhammer <jens@goauthentik.io> * ensure missing folder exists Signed-off-by: Jens Langhammer <jens@goauthentik.io> * fix duplicate name Signed-off-by: Jens Langhammer <jens@goauthentik.io> --------- Signed-off-by: Jens Langhammer <jens@goauthentik.io>
2024-06-01 17:16:56 +09:00
parent 1cac1492d7
commit 95d26563e7
5 changed files with 25 additions and 14 deletions
--- a/web/src/admin/applications/wizard/methods/oauth/ak-application-wizard-authentication-by-oauth.ts
+++ b/web/src/admin/applications/wizard/methods/oauth/ak-application-wizard-authentication-by-oauth.ts
@ -3,6 +3,7 @@ import "@goauthentik/admin/common/ak-crypto-certificate-search";
 import "@goauthentik/admin/common/ak-flow-search/ak-branded-flow-search";
 import {
    clientTypeOptions,
+    defaultScopes,
    issuerModeOptions,
    redirectUriHelp,
    subjectModeOptions,
@ -225,10 +226,9 @@ export class ApplicationWizardAuthenticationByOauth extends BaseProviderPanel {
                                ${this.propertyMappings?.results.map((scope) => {
                                    let selected = false;
                                    if (!provider?.propertyMappings) {
-                                        selected =
-                                            scope.managed?.startsWith(
-                                                "goauthentik.io/providers/oauth2/scope-",
-                                            ) || false;
+                                        selected = scope.managed
+                                            ? defaultScopes.includes(scope.managed)
+                                            : false;
                                    } else {
                                        selected = Array.from(provider?.propertyMappings).some(
                                            (su) => {
--- a/web/src/admin/providers/oauth2/OAuth2ProviderForm.ts
+++ b/web/src/admin/providers/oauth2/OAuth2ProviderForm.ts
@ -48,6 +48,12 @@ export const clientTypeOptions = [
    },
 ];

+export const defaultScopes = [
+    "goauthentik.io/providers/oauth2/scope-openid",
+    "goauthentik.io/providers/oauth2/scope-email",
+    "goauthentik.io/providers/oauth2/scope-profile",
+];
+
 export const subjectModeOptions = [
    {
        label: msg("Based on the User's hashed ID"),
@ -289,14 +295,9 @@ export class OAuth2ProviderFormPage extends BaseProviderForm<OAuth2Provider> {
                            ${this.propertyMappings?.results.map((scope) => {
                                let selected = false;
                                if (!provider?.propertyMappings) {
-                                    selected =
-                                        // By default select all managed scope mappings, except offline_access
-                                        (scope.managed?.startsWith(
-                                            "goauthentik.io/providers/oauth2/scope-",
-                                        ) &&
-                                            scope.managed !==
-                                                "goauthentik.io/providers/oauth2/scope-offline_access") ||
-                                        false;
+                                    selected = scope.managed
+                                        ? defaultScopes.includes(scope.managed)
+                                        : false;
                                } else {
                                    selected = Array.from(provider?.propertyMappings).some((su) => {
                                        return su == scope.pk;