diff --git a/docs/configuration-config-file.md b/docs/configuration-config-file.md
index e01922594..0003680d2 100644
--- a/docs/configuration-config-file.md
+++ b/docs/configuration-config-file.md
@@ -145,7 +145,7 @@ these are rarely used for various reasons.
 | variables | example values | description |
 | --------- | ------ | ----------- |
-| `oauth2` | `{baseURL: ..., userProfileURL: ..., userProfileUsernameAttr: ..., userProfileDisplayNameAttr: ..., userProfileEmailAttr: ..., tokenURL: ..., authorizationURL: ..., clientID: ..., clientSecret: ...}` | An object detailing your OAuth2 provider. Refer to the [Mattermost](guides/auth/mattermost-self-hosted.md) or [Nextcloud](guides/auth/nextcloud.md) examples for more details!|
+| `oauth2` | `{baseURL: ..., userProfileURL: ..., userProfileUsernameAttr: ..., userProfileDisplayNameAttr: ..., userProfileEmailAttr: ..., tokenURL: ..., authorizationURL: ..., clientID: ..., clientSecret: ..., scope: ...}` | An object detailing your OAuth2 provider. Refer to the [Mattermost](guides/auth/mattermost-self-hosted.md) or [Nextcloud](guides/auth/nextcloud.md) examples for more details!|
 ### SAML Login
diff --git a/docs/configuration-env-vars.md b/docs/configuration-env-vars.md
index 81a878b1f..999e43057 100644
--- a/docs/configuration-env-vars.md
+++ b/docs/configuration-env-vars.md
@@ -165,6 +165,7 @@ defaultNotePath can't be set from env-vars
 | `CMD_OAUTH2_AUTHORIZATION_URL` | `https://example.com` | authorization URL of your provider, please refer to the documentation of your OAuth2 provider (no default value) |
 | `CMD_OAUTH2_CLIENT_ID` | `afae02fckafd...` | you will get this from your OAuth2 provider when you register CodiMD as OAuth2-client, (no default value) |
 | `CMD_OAUTH2_CLIENT_SECRET` | `afae02fckafd...` | you will get this from your OAuth2 provider when you register CodiMD as OAuth2-client, (no default value) |
+| `CMD_OAUTH2_SCOPE` | `openid email profile` | The requested OAuth2/OIDC scopes, which are privileges that CodiMD can exercise on behalf of the user. Default is `openid email profile`, in order to retrieve user email/profile information via the user profile URL. |
 | `CMD_OAUTH2_PROVIDERNAME` | `My institution` | Optional name to be displayed at login form indicating the oAuth2 provider |
diff --git a/lib/config/default.js b/lib/config/default.js
index 46c89a4f3..7e9bb2e3b 100644
--- a/lib/config/default.js
+++ b/lib/config/default.js
@@ -92,7 +92,8 @@ module.exports = {
 authorizationURL: undefined,
 tokenURL: undefined,
 clientID: undefined,
-clientSecret: undefined
+clientSecret: undefined,
+scope: 'openid email profile'
 },
 facebook: {
 clientID: undefined,
diff --git a/lib/config/environment.js b/lib/config/environment.js
index d7dff6727..7aa55dec8 100644
--- a/lib/config/environment.js
+++ b/lib/config/environment.js
@@ -87,7 +87,8 @@ module.exports = {
 tokenURL: process.env.CMD_OAUTH2_TOKEN_URL,
 authorizationURL: process.env.CMD_OAUTH2_AUTHORIZATION_URL,
 clientID: process.env.CMD_OAUTH2_CLIENT_ID,
-clientSecret: process.env.CMD_OAUTH2_CLIENT_SECRET
+clientSecret: process.env.CMD_OAUTH2_CLIENT_SECRET,
+scope: process.env.CMD_OAUTH2_SCOPE
 },
 dropbox: {
 clientID: process.env.CMD_DROPBOX_CLIENTID,
diff --git a/lib/config/hackmdEnvironment.js b/lib/config/hackmdEnvironment.js
index e7795b458..0bc1a7f7d 100644
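Review bot: The new default `scope: 'openid email profile'` in lib/config/default.js changes what every existing deployment sends: before this commit no scope parameter was emitted and the provider applied its own default, so an installation whose provider does not define these OIDC scope names may now be refused at the authorization endpoint (provider-dependent, so worth checking against the Mattermost/Nextcloud setups the docs reference). Since the value is security-relevant (it is the set of privileges CodiMD asks for on the user's behalf) and will be read by operators, add a comment next to it, e.g. `// OIDC scopes requested on every authorization; override via oauth2.scope / CMD_OAUTH2_SCOPE for providers with other scope names`. An upgrade note for operators who relied on the provider default would help as well. The enclosing `oauth2` object starts before the hunk.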
--- a/lib/config/hackmdEnvironment.js
+++ b/lib/config/hackmdEnvironment.js
@@ -76,7 +76,8 @@ module.exports = {
 tokenURL: process.env.HMD_OAUTH2_TOKEN_URL,
 authorizationURL: process.env.HMD_OAUTH2_AUTHORIZATION_URL,
 clientID: process.env.HMD_OAUTH2_CLIENT_ID,
-clientSecret: process.env.HMD_OAUTH2_CLIENT_SECRET
+clientSecret: process.env.HMD_OAUTH2_CLIENT_SECRET,
+scope: process.env.HMD_OAUTH2_SCOPE
 },
 dropbox: {
 clientID: process.env.HMD_DROPBOX_CLIENTID,
diff --git a/lib/web/auth/oauth2/index.js b/lib/web/auth/oauth2/index.js
index 2bd731961..1865ad54c 100644
--- a/lib/web/auth/oauth2/index.js
+++ b/lib/web/auth/oauth2/index.js
@@ -89,7 +89,8 @@ passport.use(new OAuth2CustomStrategy({
 clientID: config.oauth2.clientID,
 clientSecret: config.oauth2.clientSecret,
 callbackURL: config.serverURL + '/auth/oauth2/callback',
-userProfileURL: config.oauth2.userProfileURL
+userProfileURL: config.oauth2.userProfileURL,
+scope: config.oauth2.scope
 }, passportGeneralCallback))
 oauth2Auth.get('/auth/oauth2', function (req, res, next) {
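Review bot: `scope: config.oauth2.scope` in lib/web/auth/oauth2/index.js forwards whatever string the environment layer read verbatim from `CMD_OAUTH2_SCOPE` / `HMD_OAUTH2_SCOPE`, with no trimming or validation; assuming OAuth2CustomStrategy inherits passport-oauth2's option handling, a string scope is sent as-is and only an array is joined with `scopeSeparator` (default space), so the value should be documented as space-separated or the strategy should receive `scopeSeparator` for providers that use another separator. passport-oauth2 also omits the parameter when scope is falsy, so if the config merge keeps empty strings, `CMD_OAUTH2_SCOPE=""` silently reverts to "no scope sent" instead of the documented default — confirm against the merge logic and state the intended behaviour in the env-vars table. The `new OAuth2CustomStrategy({...})` call starts before the hunk.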