diff options
Diffstat (limited to 'packages')
| -rw-r--r-- | packages/wekan-oidc/oidc_client.js | 5 | ||||
| -rw-r--r-- | packages/wekan-oidc/oidc_server.js | 8 |
2 files changed, 9 insertions, 4 deletions
diff --git a/packages/wekan-oidc/oidc_client.js b/packages/wekan-oidc/oidc_client.js index 744bd841..6da9d9f0 100644 --- a/packages/wekan-oidc/oidc_client.js +++ b/packages/wekan-oidc/oidc_client.js @@ -18,10 +18,9 @@ Oidc.requestCredential = function (options, credentialRequestCompleteCallback) { new ServiceConfiguration.ConfigError('Service oidc not configured.')); return; } - + var credentialToken = Random.secret(); var loginStyle = OAuth._loginStyle('oidc', config, options); - var scope = config.requestPermissions || ['openid', 'profile', 'email']; // options options = options || {}; @@ -29,7 +28,7 @@ Oidc.requestCredential = function (options, credentialRequestCompleteCallback) { options.response_type = options.response_type || 'code'; options.redirect_uri = OAuth._redirectUri('oidc', config); options.state = OAuth._stateParam(loginStyle, credentialToken, options.redirectUrl); - options.scope = scope.join(' '); + options.scope = config.requestPermissions || 'openid profile email'; if (config.loginStyle && config.loginStyle == 'popup') { options.display = 'popup'; diff --git a/packages/wekan-oidc/oidc_server.js b/packages/wekan-oidc/oidc_server.js index ec615cd1..e826d1f5 100644 --- a/packages/wekan-oidc/oidc_server.js +++ b/packages/wekan-oidc/oidc_server.js @@ -49,7 +49,12 @@ if (Meteor.release) { var getToken = function (query) { var debug = process.env.DEBUG || false; var config = getConfiguration(); - var serverTokenEndpoint = config.serverUrl + config.tokenEndpoint; + if(config.tokenEndpoint.includes('https://')){ + var serverTokenEndpoint = config.tokenEndpoint; + }else{ + var serverTokenEndpoint = config.serverUrl + config.tokenEndpoint; + } + var requestPermissions = config.requestPermissions; var response; try { @@ -66,6 +71,7 @@ var getToken = function (query) { client_secret: OAuth.openSecret(config.secret), redirect_uri: OAuth._redirectUri('oidc', config), grant_type: 'authorization_code', + scope: requestPermissions, state: query.state } } |