added support to set default scopes to static clients

Signed-off-by: Denis Khachyan <[email protected]>
dexidp · Jul 18, 2024 · 2a81398 · 2a81398
1 parent b07e1bc
commit 2a81398
Show file tree

Hide file tree

Showing 2 changed files with 13 additions and 0 deletions.
diff --git a/server/oauth2.go b/server/oauth2.go
@@ -17,6 +17,7 @@ import (
 	"net"
 	"net/http"
 	"net/url"
+	"slices"
 	"strconv"
 	"strings"
 	"time"
@@ -524,6 +525,15 @@ func (s *Server) parseAuthorizationRequest(r *http.Request) (*storage.AuthReques
 		unrecognized  []string
 		invalidScopes []string
 	)
+
+	if len(client.DefaultScopes) > 0 {
+		for _, scope := range client.DefaultScopes {
+			if !slices.Contains(scopes, scope) {
+				scopes = append(scopes, scope)
+			}
+		}
+	}
+
 	hasOpenIDScope := false
 	for _, scope := range scopes {
 		switch scope {

diff --git a/storage/storage.go b/storage/storage.go
@@ -171,6 +171,9 @@ type Client struct {
 	// Name and LogoURL used when displaying this client to the end user.
 	Name    string `json:"name" yaml:"name"`
 	LogoURL string `json:"logoURL" yaml:"logoURL"`
+
+	// The set of OAuth2 scopes requested by default.
+	DefaultScopes []string `json:"defaultScopes" yaml:"defaultScopes"`
 }
 
 // Claims represents the ID Token claims supported by the server.