@owlmeans/server-oidc-provider 0.1.5 → 0.1.7
- package/build/iam.d.ts +27 -0
- package/build/iam.d.ts.map +1 -1
- package/build/iam.js +11 -1
- package/build/iam.js.map +1 -1
- package/build/index.d.ts +1 -1
- package/build/index.d.ts.map +1 -1
- package/build/index.js +1 -0
- package/build/index.js.map +1 -1
- package/build/service.d.ts.map +1 -1
- package/build/service.js +4 -2
- package/build/service.js.map +1 -1
- package/build/types.d.ts +5 -1
- package/build/types.d.ts.map +1 -1
- package/build/utils/config.d.ts.map +1 -1
- package/build/utils/config.js +7 -1
- package/build/utils/config.js.map +1 -1
- package/package.json +9 -9
- package/src/iam.ts +37 -1
- package/src/index.ts +1 -1
- package/src/service.ts +5 -2
- package/src/types.ts +6 -1
- package/src/utils/config.ts +7 -1
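--- a/package/build/iam.d.ts
+++ b/package/build/iam.d.ts
@@ -1,4 +1,31 @@
+import type { ClientMetadata } from 'oidc-provider';
+/** A registered OIDC client stored in the provider's Client adapter. */
+export interface OidcRegisteredClient {
+clientId: string;
+secret: string;
+/** The entity (realm) this client belongs to — used for identity scoping. */
+entityId?: string;
+/** Application display name */
+name?: string;
+redirectUris?: string[];
+grantTypes?: string[];
+responseTypes?: string[];
+scope?: string;
+}
+/** Full oidc-provider ClientMetadata with our entity extension. */
+export type OidcClientMetadata = ClientMetadata & {
+entityId?: string;
+owlEntityId?: string;
+};
+/** Convert an OidcRegisteredClient to the oidc-provider ClientMetadata shape. */
+export declare const toClientMetadata: (client: OidcRegisteredClient) => OidcClientMetadata;
 /** Extension seam for IAM integration into the OIDC provider — Phase 2 fills this */
 export interface OidcProviderIamExtension {
+/** Convert a stored client record to oidc-provider ClientMetadata */
+toClientMetadata: typeof toClientMetadata;
+/** Type of a stored client record */
+OidcRegisteredClient: OidcRegisteredClient;
+/** Extended metadata type */
+OidcClientMetadata: OidcClientMetadata;
 }
 //# sourceMappingURL=iam.d.ts.map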
package/build/iam.d.ts.map
CHANGED
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"iam.d.ts","sourceRoot":"","sources":["../src/iam.ts"],"names":[],"mappings":"AAAA,qFAAqF;AACrF,MAAM,WAAW,wBAAwB;
|
|
1
|
+
{"version":3,"file":"iam.d.ts","sourceRoot":"","sources":["../src/iam.ts"],"names":[],"mappings":"AAAA,OAAO,KAAK,EAAE,cAAc,EAAgB,MAAM,eAAe,CAAA;AAEjE,wEAAwE;AACxE,MAAM,WAAW,oBAAoB;IACnC,QAAQ,EAAE,MAAM,CAAA;IAChB,MAAM,EAAE,MAAM,CAAA;IACd,6EAA6E;IAC7E,QAAQ,CAAC,EAAE,MAAM,CAAA;IACjB,+BAA+B;IAC/B,IAAI,CAAC,EAAE,MAAM,CAAA;IACb,YAAY,CAAC,EAAE,MAAM,EAAE,CAAA;IACvB,UAAU,CAAC,EAAE,MAAM,EAAE,CAAA;IACrB,aAAa,CAAC,EAAE,MAAM,EAAE,CAAA;IACxB,KAAK,CAAC,EAAE,MAAM,CAAA;CACf;AAED,mEAAmE;AACnE,MAAM,MAAM,kBAAkB,GAAG,cAAc,GAAG;IAAE,QAAQ,CAAC,EAAE,MAAM,CAAC;IAAC,WAAW,CAAC,EAAE,MAAM,CAAA;CAAE,CAAA;AAE7F,iFAAiF;AACjF,eAAO,MAAM,gBAAgB,GAAI,QAAQ,oBAAoB,KAAG,kBAS9D,CAAA;AAEF,qFAAqF;AACrF,MAAM,WAAW,wBAAwB;IACvC,qEAAqE;IACrE,gBAAgB,EAAE,OAAO,gBAAgB,CAAA;IACzC,qCAAqC;IACrC,oBAAoB,EAAE,oBAAoB,CAAA;IAC1C,6BAA6B;IAC7B,kBAAkB,EAAE,kBAAkB,CAAA;CACvC"}
|
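--- a/package/build/iam.js
+++ b/package/build/iam.js
@@ -1,2 +1,12 @@
-
+/** Convert an OidcRegisteredClient to the oidc-provider ClientMetadata shape. */
+export const toClientMetadata = (client) => ({
+client_id: client.clientId,
+client_secret: client.secret,
+redirect_uris: client.redirectUris ?? [],
+grant_types: client.grantTypes ?? ['authorization_code', 'refresh_token'],
+response_types: (client.responseTypes ?? ['code']),
+token_endpoint_auth_method: 'client_secret_basic',
+scope: client.scope ?? 'openid profile offline_access',
+owlEntityId: client.entityId,
+});
 //# sourceMappingURL=iam.js.map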
package/build/iam.js.map
CHANGED
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"iam.js","sourceRoot":"","sources":["../src/iam.ts"],"names":[],"mappings":""}
|
|
1
|
+
{"version":3,"file":"iam.js","sourceRoot":"","sources":["../src/iam.ts"],"names":[],"mappings":"AAmBA,iFAAiF;AACjF,MAAM,CAAC,MAAM,gBAAgB,GAAG,CAAC,MAA4B,EAAsB,EAAE,CAAC,CAAC;IACrF,SAAS,EAAE,MAAM,CAAC,QAAQ;IAC1B,aAAa,EAAE,MAAM,CAAC,MAAM;IAC5B,aAAa,EAAE,MAAM,CAAC,YAAY,IAAI,EAAE;IACxC,WAAW,EAAE,MAAM,CAAC,UAAU,IAAI,CAAC,oBAAoB,EAAE,eAAe,CAAC;IACzE,cAAc,EAAE,CAAC,MAAM,CAAC,aAAa,IAAI,CAAC,MAAM,CAAC,CAAmB;IACpE,0BAA0B,EAAE,qBAAqB;IACjD,KAAK,EAAE,MAAM,CAAC,KAAK,IAAI,+BAA+B;IACtD,WAAW,EAAE,MAAM,CAAC,QAAQ;CAC7B,CAAC,CAAA"}
|
package/build/index.d.ts
CHANGED
package/build/index.d.ts.map
CHANGED
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"index.d.ts","sourceRoot":"","sources":["../src/index.ts"],"names":[],"mappings":"AACA,mBAAmB,YAAY,CAAA;AAC/B,cAAc,cAAc,CAAA;AAC5B,cAAc,aAAa,CAAA;AAC3B,cAAc,iBAAiB,CAAA;AAC/B,
|
|
1
|
+
{"version":3,"file":"index.d.ts","sourceRoot":"","sources":["../src/index.ts"],"names":[],"mappings":"AACA,mBAAmB,YAAY,CAAA;AAC/B,cAAc,cAAc,CAAA;AAC5B,cAAc,aAAa,CAAA;AAC3B,cAAc,iBAAiB,CAAA;AAC/B,cAAc,UAAU,CAAA"}
|
package/build/index.js
CHANGED
package/build/index.js.map
CHANGED
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"index.js","sourceRoot":"","sources":["../src/index.ts"],"names":[],"mappings":"AAEA,cAAc,cAAc,CAAA;AAC5B,cAAc,aAAa,CAAA;AAC3B,cAAc,iBAAiB,CAAA"}
|
|
1
|
+
{"version":3,"file":"index.js","sourceRoot":"","sources":["../src/index.ts"],"names":[],"mappings":"AAEA,cAAc,cAAc,CAAA;AAC5B,cAAc,aAAa,CAAA;AAC3B,cAAc,iBAAiB,CAAA;AAC/B,cAAc,UAAU,CAAA"}
|
package/build/service.d.ts.map
CHANGED
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"service.d.ts","sourceRoot":"","sources":["../src/service.ts"],"names":[],"mappings":"AAGA,OAAO,KAAK,EAAE,MAAM,EAAE,OAAO,EAA0C,mBAAmB,EAAE,MAAM,YAAY,CAAA;AAS9G,eAAO,MAAM,yBAAyB,GAAI,QAAO,MAAsB,KAAG,
|
|
1
|
+
{"version":3,"file":"service.d.ts","sourceRoot":"","sources":["../src/service.ts"],"names":[],"mappings":"AAGA,OAAO,KAAK,EAAE,MAAM,EAAE,OAAO,EAA0C,mBAAmB,EAAE,MAAM,YAAY,CAAA;AAS9G,eAAO,MAAM,yBAAyB,GAAI,QAAO,MAAsB,KAAG,mBA2FzE,CAAA;AAED,eAAO,MAAM,yBAAyB,GAAI,CAAC,SAAS,MAAM,EAAE,CAAC,SAAS,OAAO,CAAC,CAAC,CAAC,EAC9E,KAAK,CAAC,EAAE,QAAO,MAAsB,KACpC,CAOF,CAAA"}
|
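--- a/package/build/service.js
+++ b/package/build/service.js
@@ -20,9 +20,11 @@ export const createOidcProviderService = (alias = DEFAULT_ALIAS) => {
 adapter: cfg.adapterService != null
 ? name => context.service(cfg.adapterService).instance(name)
 : undefined,
-findAccount: async (
+findAccount: async (kctx, id, token) => {
 const accountSrv = context.service(cfg.accountService ?? OIDC_ACCOUNT_SERVICE);
-
+const clientId = kctx?.oidc?.client?.clientId
+?? token?.clientId;
+return accountSrv.loadById(context, id, { clientId });
 },
 interactions: {
 url: async (_, interaction) => {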
package/build/service.js.map
CHANGED
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"service.js","sourceRoot":"","sources":["../src/service.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,aAAa,EAAE,aAAa,EAAE,MAAM,mBAAmB,CAAA;AAChE,OAAO,EAAE,aAAa,EAAE,oBAAoB,EAAE,MAAM,aAAa,CAAA;AACjE,OAAO,EAAE,YAAY,EAAE,WAAW,EAAE,MAAM,gBAAgB,CAAA;AAE1D,OAAO,QAAQ,MAAM,eAAe,CAAA;AAGpC,OAAO,EAAE,GAAG,EAAE,MAAM,iBAAiB,CAAA;AACrC,OAAO,EAAE,kBAAkB,EAAE,MAAM,kBAAkB,CAAA;AACrD,OAAO,EAAE,aAAa,EAAE,MAAM,mBAAmB,CAAA;AAEjD,IAAI,gBAAgB,GAAyB,SAAS,CAAA;AACtD,MAAM,CAAC,MAAM,yBAAyB,GAAG,CAAC,QAAgB,aAAa,EAAuB,EAAE;IAC9F,MAAM,OAAO,GAAwB,aAAa,CAAsB,KAAK,EAAE;QAC7E,MAAM,EAAE,KAAK,EAAC,GAAG,EAAC,EAAE;YAClB,MAAM,OAAO,GAAG,aAAa,CAAkB,OAAO,CAAC,GAAc,EAAE,KAAK,CAAC,CAAA;YAC7E,MAAM,GAAG,GAAG,OAAO,CAAC,GAAG,CAAC,IAAI,CAAA;YAE5B,MAAM,YAAY,GAAG,OAAO,CAAC,GAAG,CAAC,QAAQ,CAAC,GAAG,CAAC,WAAW,IAAI,OAAO,CAAC,GAAG,CAAC,OAAO,CAAe,CAAA;YAC/F,MAAM,MAAM,GAAG,kBAAkB,CAAkB,OAAO,CAAC,CAAA;YAC3D,MAAM,GAAG,GAAG,MAAM,CAAC,OAAO,CAAC,YAAY,EAAE,GAAG,CAAC,QAAQ,IAAI,YAAY,EAAE,EAAE,IAAI,EAAE,IAAI,EAAE,CAAC,CAAA;YACtF,MAAM,QAAQ,GAAG,OAAO,CAAC,GAAG,CAAC,QAAQ,EAAE,QAAQ,KAAK,KAAK,CAAC,CAAC,CAAC,KAAK,CAAC,CAAC,CAAC,CAAC,GAAG,CAAC,UAAU,CAAC,OAAO,CAAC,CAAA;YAE5F,MAAM,IAAI,GAAG,IAAI,QAAQ,CAAC,GAAG,EAAE;gBAC7B,GAAG,MAAM,aAAa,CAAC,OAAO,EAAE,QAAQ,CAAC;gBAEzC,OAAO,EAAE,GAAG,CAAC,cAAc,IAAI,IAAI;oBACjC,CAAC,CAAC,IAAI,CAAC,EAAE,CAAC,OAAO,CAAC,OAAO,CAAqB,GAAG,CAAC,cAAe,CAAC,CAAC,QAAQ,CAAC,IAAI,CAAC;oBACjF,CAAC,CAAC,SAAS;gBAEb,WAAW,EAAE,KAAK,EAAE,
|
|
1
|
+
{"version":3,"file":"service.js","sourceRoot":"","sources":["../src/service.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,aAAa,EAAE,aAAa,EAAE,MAAM,mBAAmB,CAAA;AAChE,OAAO,EAAE,aAAa,EAAE,oBAAoB,EAAE,MAAM,aAAa,CAAA;AACjE,OAAO,EAAE,YAAY,EAAE,WAAW,EAAE,MAAM,gBAAgB,CAAA;AAE1D,OAAO,QAAQ,MAAM,eAAe,CAAA;AAGpC,OAAO,EAAE,GAAG,EAAE,MAAM,iBAAiB,CAAA;AACrC,OAAO,EAAE,kBAAkB,EAAE,MAAM,kBAAkB,CAAA;AACrD,OAAO,EAAE,aAAa,EAAE,MAAM,mBAAmB,CAAA;AAEjD,IAAI,gBAAgB,GAAyB,SAAS,CAAA;AACtD,MAAM,CAAC,MAAM,yBAAyB,GAAG,CAAC,QAAgB,aAAa,EAAuB,EAAE;IAC9F,MAAM,OAAO,GAAwB,aAAa,CAAsB,KAAK,EAAE;QAC7E,MAAM,EAAE,KAAK,EAAC,GAAG,EAAC,EAAE;YAClB,MAAM,OAAO,GAAG,aAAa,CAAkB,OAAO,CAAC,GAAc,EAAE,KAAK,CAAC,CAAA;YAC7E,MAAM,GAAG,GAAG,OAAO,CAAC,GAAG,CAAC,IAAI,CAAA;YAE5B,MAAM,YAAY,GAAG,OAAO,CAAC,GAAG,CAAC,QAAQ,CAAC,GAAG,CAAC,WAAW,IAAI,OAAO,CAAC,GAAG,CAAC,OAAO,CAAe,CAAA;YAC/F,MAAM,MAAM,GAAG,kBAAkB,CAAkB,OAAO,CAAC,CAAA;YAC3D,MAAM,GAAG,GAAG,MAAM,CAAC,OAAO,CAAC,YAAY,EAAE,GAAG,CAAC,QAAQ,IAAI,YAAY,EAAE,EAAE,IAAI,EAAE,IAAI,EAAE,CAAC,CAAA;YACtF,MAAM,QAAQ,GAAG,OAAO,CAAC,GAAG,CAAC,QAAQ,EAAE,QAAQ,KAAK,KAAK,CAAC,CAAC,CAAC,KAAK,CAAC,CAAC,CAAC,CAAC,GAAG,CAAC,UAAU,CAAC,OAAO,CAAC,CAAA;YAE5F,MAAM,IAAI,GAAG,IAAI,QAAQ,CAAC,GAAG,EAAE;gBAC7B,GAAG,MAAM,aAAa,CAAC,OAAO,EAAE,QAAQ,CAAC;gBAEzC,OAAO,EAAE,GAAG,CAAC,cAAc,IAAI,IAAI;oBACjC,CAAC,CAAC,IAAI,CAAC,EAAE,CAAC,OAAO,CAAC,OAAO,CAAqB,GAAG,CAAC,cAAe,CAAC,CAAC,QAAQ,CAAC,IAAI,CAAC;oBACjF,CAAC,CAAC,SAAS;gBAEb,WAAW,EAAE,KAAK,EAAE,IAAI,EAAE,EAAE,EAAE,KAAK,EAAE,EAAE;oBACrC,MAAM,UAAU,GAAG,OAAO,CAAC,OAAO,CAChC,GAAG,CAAC,cAAc,IAAI,oBAAoB,CAC3C,CAAA;oBAED,MAAM,QAAQ,GAAI,IAAsD,EAAE,IAAI,EAAE,MAAM,EAAE,QAAQ;2BAC1F,KAA2C,EAAE,QAAQ,CAAA;oBAE3D,OAAO,UAAU,CAAC,QAAQ,CAAC,OAAO,EAAE,EAAE,EAAE,EAAE,QAAQ,EAAE,CAAC,CAAA;gBACvD,CAAC;gBAED,YAAY,EAAE;oBACZ,GAAG,EAAE,KAAK,EAAE,CAAC,EAAE,WAAW,EAAE,EAAE;wBAC5B,MAAM,MAAM,GAAG,OAAO,CAAC,UAAU,CAAmB,WAAW,CAAC,CAAA;wBAChE,MAAM,CAAC,GAAG,CAAC,GAAG,MAAM,MAAM,CAAC,IAAI,CAAS,EAAE,MAAM,EAAE,EAAE,GAAG,EAAE,WAAW,CAAC,GAAG,EAAE,EAAE,CAAC,CAAA;wBAC7E,OAAO,GAAG,CAAA;oBACZ,CAAC;iBACF;aACF,C
AAC,CAAA;YAEF,IAAI,CAAC,KAAK,GAAG,GAAG,CAAC,WAAW,IAAI,QAAQ,CAAA;YACxC,MAAM,IAAI,GAAG,GAAG,GAAG,CAAC,GAAG,CAAC,QAAQ,IAAI,YAAY,CAAC,CAAA;YAEjD,GAAG,CAAC,MAAM,CAAC,GAAG,CAAC,IAAI,EAAE,IAAI,CAAC,QAAQ,EAAE,CAAC,CAAA;YAErC,2FAA2F;YAC3F,iFAAiF;YACjF,GAAG,CAAC,MAAM,CAAC,OAAO,CAAC,QAAQ,EAAE,KAAK,EAAE,OAAO,EAAE,KAAK,EAAE,OAAO,EAAE,EAAE;gBAC7D,IAAI,CAAC,OAAO,CAAC,GAAG,CAAC,UAAU,CAAC,IAAI,CAAC,EAAE,CAAC;oBAClC,OAAO,OAAO,CAAA;gBAChB,CAAC;gBACD,MAAM,GAAG,GAAG,KAAK,CAAC,SAAS,CAAC,yBAAyB,CAAC,CAAA;gBACtD,IAAI,OAAO,GAAG,KAAK,QAAQ,IAAI,GAAG,CAAC,QAAQ,CAAC,oBAAoB,CAAC,EAAE,CAAC;oBAClE,KAAK,CAAC,MAAM,CAAC,yBAAyB,EAAE,GAAG,CAAC,OAAO,CAAC,oBAAoB,EAAE,eAAe,CAAC,CAAC,CAAA;gBAC7F,CAAC;gBACD,OAAO,OAAO,CAAA;YAChB,CAAC,CAAC,CAAA;YAEF,IAAI,OAAO,CAAC,GAAG,CAAC,KAAK,EAAE,GAAG,IAAI,OAAO,CAAC,GAAG,CAAC,KAAK,EAAE,IAAI,EAAE,CAAC;gBAEtD,IAAI,CAAC,EAAE,CAAC,aAAa,EAAE,CAAC,CAAC,EAAE,KAAK,EAAE,EAAE;oBAClC,OAAO,CAAC,IAAI,CAAC,uBAAuB,CAAC,CAAA;oBACrC,OAAO,CAAC,IAAI,CAAC,IAAI,CAAC,MAAM,CAAC,CAAA;oBACzB,OAAO,CAAC,KAAK,CAAC,oBAAoB,EAAE,KAAK,CAAC,CAAA;gBAC5C,CAAC,CAAC,CAAA;gBAEF,IAAI,CAAC,EAAE,CAAC,cAAc,EAAE,CAAC,GAAG,EAAE,KAAK,EAAE,EAAE;oBACrC,OAAO,CAAC,IAAI,CAAC,wBAAwB,EAAE,MAAM,CAAC,mBAAmB,CAAC,GAAG,CAAC,IAAI,CAAC,CAAC,CAAA;oBAC5E,OAAO,CAAC,IAAI,CAAE,GAAG,CAAC,IAAY,CAAC,KAAK,CAAC,CAAA;oBACrC,OAAO,CAAC,KAAK,CAAC,qBAAqB,EAAE,KAAK,CAAC,CAAA;gBAC7C,CAAC,CAAC,CAAA;gBAEF,IAAI,CAAC,EAAE,CAAC,gBAAgB,EAAE,CAAC,GAAG,EAAE,KAAK,EAAE,EAAE;oBACvC,OAAO,CAAC,IAAI,CAAC,2BAA2B,EAAE,MAAM,CAAC,mBAAmB,CAAC,GAAG,CAAC,IAAI,CAAC,CAAC,CAAA;oBAC/E,OAAO,CAAC,IAAI,CAAE,GAAG,CAAC,IAAY,CAAC,KAAK,CAAC,CAAA;oBACrC,OAAO,CAAC,KAAK,CAAC,wBAAwB,EAAE,KAAK,CAAC,CAAA;gBAChD,CAAC,CAAC,CAAA;YAEJ,CAAC;YAED,gBAAgB,GAAG,OAAO,CAAC,IAAI,GAAG,IAAI,CAAA;QACxC,CAAC;QAED,QAAQ,EAAE,GAAG,EAAE;YACb,OAAO,OAAO,CAAC,IAAI,IAAI,CAAC,OAAO,CAAC,IAAI,GAAG,gBAAiB,CAAC,CAAA;QAC3D,CAAC;QAED,cAAc,EAAE,KAAK,EAAC,EAAE,EAAC,EAAE;YACzB,OAAO,MAAM,OAAO,CAAC,QAAQ,EAAE,CAAC,WAAW,CAAC,IAAI,CAAC,EAAE,CAAC,IAAI,IAAI,CAAA;QAC9D,CAAC;KACF,CAAC,CAAA;IAEF,OAAO,OAAO,CAAA;AAChB,CAAC,CAAA
;AAED,MAAM,CAAC,MAAM,yBAAyB,GAAG,CACvC,GAAM,EAAE,QAAgB,aAAa,EAClC,EAAE;IACL,MAAM,OAAO,GAAG,yBAAyB,CAAC,KAAK,CAAC,CAAA;IAChD,MAAM,OAAO,GAAG,GAAQ,CAAA;IAExB,OAAO,CAAC,eAAe,CAAC,OAAO,CAAC,CAAA;IAEhC,OAAO,OAAO,CAAA;AAChB,CAAC,CAAA"}
|
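--- a/package/build/types.d.ts
+++ b/package/build/types.d.ts
@@ -28,8 +28,12 @@ export interface OidcConfig extends OidcSharedConfig {
 accountService?: string;
 adapterService?: string;
 }
+export interface OidcAccountParams {
+/** The OIDC client requesting the account — lets the account service scope claims (e.g. permissions) per client. */
+clientId?: string;
+}
 export interface OidcAccountService extends InitializedService {
-loadById: <C extends Config, T extends Context<C>>(ctx: T, id: string) => Promise<Account | undefined>;
+loadById: <C extends Config, T extends Context<C>>(ctx: T, id: string, params?: OidcAccountParams) => Promise<Account | undefined>;
 }
 export interface OidcAdapterService extends InitializedService {
 instance: (name: string) => Adapter;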
package/build/types.d.ts.map
CHANGED
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"types.d.ts","sourceRoot":"","sources":["../src/types.ts"],"names":[],"mappings":"AAAA,OAAO,KAAK,EAAE,kBAAkB,EAAE,MAAM,mBAAmB,CAAA;AAC3D,OAAO,KAAK,EAAE,gBAAgB,EAAE,MAAM,gBAAgB,CAAA;AACtD,OAAO,KAAK,EAAE,SAAS,EAAE,eAAe,EAAE,MAAM,sBAAsB,CAAA;AACtE,OAAO,KAAK,EAAE,YAAY,EAAE,aAAa,EAAE,MAAM,0BAA0B,CAAA;AAC3E,OAAO,KAAK,EAAE,OAAO,EAAE,OAAO,EAAE,cAAc,EAAE,aAAa,EAAE,WAAW,EAAE,QAAQ,EAAE,MAAM,eAAe,CAAA;AAE3G,MAAM,WAAW,mBAAoB,SAAQ,kBAAkB;IAC7D,IAAI,EAAE,QAAQ,CAAA;IAEd,MAAM,EAAE,CAAC,GAAG,EAAE,SAAS,KAAK,OAAO,CAAC,IAAI,CAAC,CAAA;IAEzC,QAAQ,EAAE,MAAM,QAAQ,CAAA;IAExB,cAAc,EAAE,CAAC,EAAE,EAAE,MAAM,KAAK,OAAO,CAAC,WAAW,GAAG,IAAI,CAAC,CAAA;CAC5D;AAED,MAAM,WAAW,gBAAgB,CAAC,KAAK,SAAS,gBAAgB,GAAG,gBAAgB;IACjF,IAAI,EAAE,UAAU,GAAG,KAAK,CAAA;CACzB;AAED,MAAM,WAAW,UAAW,SAAQ,gBAAgB;IAClD,WAAW,CAAC,EAAE,MAAM,CAAA;IACpB,QAAQ,CAAC,EAAE,MAAM,CAAA;IACjB,SAAS,CAAC,EAAE,MAAM,CAAA;IAClB,OAAO,EAAE,cAAc,EAAE,CAAA;IACzB,mBAAmB,CAAC,EAAE,aAAa,CAAA;IACnC,WAAW,CAAC,EAAE,OAAO,CAAA;IACrB,WAAW,EAAE;QACX,KAAK,EAAE;YACL,EAAE,EAAE,MAAM,CAAA;YACV,GAAG,CAAC,EAAE,MAAM,CAAA;SACb,CAAA;KACF,CAAA;IACD,cAAc,CAAC,EAAE,MAAM,CAAA;IACvB,cAAc,CAAC,EAAE,MAAM,CAAA;CACxB;AAED,MAAM,WAAW,kBAAmB,SAAQ,kBAAkB;IAC5D,QAAQ,EAAE,CAAC,CAAC,SAAS,MAAM,EAAE,CAAC,SAAS,OAAO,CAAC,CAAC,CAAC,EAAE,GAAG,EAAE,CAAC,EAAE,EAAE,EAAE,MAAM,KAAK,OAAO,CAAC,OAAO,GAAG,SAAS,CAAC,CAAA;
|
|
1
|
+
{"version":3,"file":"types.d.ts","sourceRoot":"","sources":["../src/types.ts"],"names":[],"mappings":"AAAA,OAAO,KAAK,EAAE,kBAAkB,EAAE,MAAM,mBAAmB,CAAA;AAC3D,OAAO,KAAK,EAAE,gBAAgB,EAAE,MAAM,gBAAgB,CAAA;AACtD,OAAO,KAAK,EAAE,SAAS,EAAE,eAAe,EAAE,MAAM,sBAAsB,CAAA;AACtE,OAAO,KAAK,EAAE,YAAY,EAAE,aAAa,EAAE,MAAM,0BAA0B,CAAA;AAC3E,OAAO,KAAK,EAAE,OAAO,EAAE,OAAO,EAAE,cAAc,EAAE,aAAa,EAAE,WAAW,EAAE,QAAQ,EAAE,MAAM,eAAe,CAAA;AAE3G,MAAM,WAAW,mBAAoB,SAAQ,kBAAkB;IAC7D,IAAI,EAAE,QAAQ,CAAA;IAEd,MAAM,EAAE,CAAC,GAAG,EAAE,SAAS,KAAK,OAAO,CAAC,IAAI,CAAC,CAAA;IAEzC,QAAQ,EAAE,MAAM,QAAQ,CAAA;IAExB,cAAc,EAAE,CAAC,EAAE,EAAE,MAAM,KAAK,OAAO,CAAC,WAAW,GAAG,IAAI,CAAC,CAAA;CAC5D;AAED,MAAM,WAAW,gBAAgB,CAAC,KAAK,SAAS,gBAAgB,GAAG,gBAAgB;IACjF,IAAI,EAAE,UAAU,GAAG,KAAK,CAAA;CACzB;AAED,MAAM,WAAW,UAAW,SAAQ,gBAAgB;IAClD,WAAW,CAAC,EAAE,MAAM,CAAA;IACpB,QAAQ,CAAC,EAAE,MAAM,CAAA;IACjB,SAAS,CAAC,EAAE,MAAM,CAAA;IAClB,OAAO,EAAE,cAAc,EAAE,CAAA;IACzB,mBAAmB,CAAC,EAAE,aAAa,CAAA;IACnC,WAAW,CAAC,EAAE,OAAO,CAAA;IACrB,WAAW,EAAE;QACX,KAAK,EAAE;YACL,EAAE,EAAE,MAAM,CAAA;YACV,GAAG,CAAC,EAAE,MAAM,CAAA;SACb,CAAA;KACF,CAAA;IACD,cAAc,CAAC,EAAE,MAAM,CAAA;IACvB,cAAc,CAAC,EAAE,MAAM,CAAA;CACxB;AAED,MAAM,WAAW,iBAAiB;IAChC,oHAAoH;IACpH,QAAQ,CAAC,EAAE,MAAM,CAAA;CAClB;AAED,MAAM,WAAW,kBAAmB,SAAQ,kBAAkB;IAC5D,QAAQ,EAAE,CAAC,CAAC,SAAS,MAAM,EAAE,CAAC,SAAS,OAAO,CAAC,CAAC,CAAC,EAAE,GAAG,EAAE,CAAC,EAAE,EAAE,EAAE,MAAM,EAAE,MAAM,CAAC,EAAE,iBAAiB,KAAK,OAAO,CAAC,OAAO,GAAG,SAAS,CAAC,CAAA;CACnI;AAED,MAAM,WAAW,kBAAmB,SAAQ,kBAAkB;IAC5D,QAAQ,EAAE,CAAC,IAAI,EAAE,MAAM,KAAK,OAAO,CAAA;CACpC;AAED,MAAM,WAAW,MAAO,SAAQ,YAAY,EAAE,gBAAgB;IAC5D,KAAK,EAAE,YAAY,CAAC,OAAO,CAAC,GAAG;QAC7B,IAAI,CAAC,EAAE,OAAO,CAAA;QACd,UAAU,CAAC,EAAE,OAAO,CAAA;QACpB,QAAQ,CAAC,EAAE,OAAO,CAAA;KACnB,CAAA;CACF;AAED,MAAM,WAAW,OAAO,CAAC,CAAC,SAAS,MAAM,GAAG,MAAM,CAAE,SAAQ,aAAa,CAAC,CAAC,CAAC,EACxE,eAAe;CAAI"}
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"config.d.ts","sourceRoot":"","sources":["../../src/utils/config.ts"],"names":[],"mappings":"AAAA,OAAO,KAAK,EAAE,OAAO,EAAE,MAAM,aAAa,CAAA;AAC1C,OAAO,KAAK,EAAE,aAAa,EAAE,MAAM,eAAe,CAAA;
|
|
1
|
+
{"version":3,"file":"config.d.ts","sourceRoot":"","sources":["../../src/utils/config.ts"],"names":[],"mappings":"AAAA,OAAO,KAAK,EAAE,OAAO,EAAE,MAAM,aAAa,CAAA;AAC1C,OAAO,KAAK,EAAE,aAAa,EAAE,MAAM,eAAe,CAAA;AAKlD,eAAO,MAAM,aAAa,GAAU,SAAS,OAAO,EAAE,WAAW,OAAO,KAAG,OAAO,CAAC,aAAa,CA0C/F,CAAA"}
|
package/build/utils/config.js
CHANGED
|
@@ -1,4 +1,5 @@
|
|
|
1
1
|
import { updateClient } from './client.js';
|
|
2
|
+
import { PERMISSIONS_CLAIM, PERMISSIONS_SCOPE } from '@owlmeans/oidc';
|
|
2
3
|
import * as jose from 'jose';
|
|
3
4
|
export const combineConfig = async (context, _unsecure) => {
|
|
4
5
|
const cfg = context.cfg.oidc;
|
|
@@ -14,9 +15,14 @@ export const combineConfig = async (context, _unsecure) => {
|
|
|
14
15
|
'username', 'family_name', 'given_name', 'locale', 'name', 'nickname', 'preferred_username',
|
|
15
16
|
...cfg.customConfiguration?.claims?.profile ?? []
|
|
16
17
|
],
|
|
18
|
+
// Inert unless the account service actually emits the claim (integrated IAM mode)
|
|
19
|
+
[PERMISSIONS_SCOPE]: [PERMISSIONS_CLAIM],
|
|
17
20
|
...cfg.customConfiguration?.claims,
|
|
18
21
|
},
|
|
19
|
-
scopes: [
|
|
22
|
+
scopes: [
|
|
23
|
+
'openid', 'profile', 'offline_access', PERMISSIONS_SCOPE,
|
|
24
|
+
...cfg.customConfiguration?.scopes ?? []
|
|
25
|
+
],
|
|
20
26
|
features: {
|
|
21
27
|
...cfg.customConfiguration?.features,
|
|
22
28
|
devInteractions: { enabled: false }
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"config.js","sourceRoot":"","sources":["../../src/utils/config.ts"],"names":[],"mappings":"AAEA,OAAO,EAAE,YAAY,EAAE,MAAM,aAAa,CAAA;AAC1C,OAAO,KAAK,IAAI,MAAM,MAAM,CAAA;AAE5B,MAAM,CAAC,MAAM,aAAa,GAAG,KAAK,EAAE,OAAgB,EAAE,SAAkB,EAA0B,EAAE;IAClG,MAAM,GAAG,GAAG,OAAO,CAAC,GAAG,CAAC,IAAI,CAAA;IAE5B,MAAM,aAAa,GAAkB;QACnC,GAAG,GAAG,CAAC,mBAAmB;QAC1B,OAAO,EAAE;YACP,GAAG,GAAG,CAAC,OAAO;YACd,GAAG,CAAC,GAAG,CAAC,mBAAmB,EAAE,OAAO,IAAI,EAAE,CAAC;SAC5C,CAAC,GAAG,CAAC,MAAM,CAAC,EAAE,CAAC,YAAY,CAAC,OAAO,EAAE,MAAM,CAAC,CAAC;QAC9C,MAAM,EAAE;YACN,KAAK,EAAE,CAAC,OAAO,EAAE,gBAAgB,EAAE,GAAG,GAAG,CAAC,mBAAmB,EAAE,MAAM,EAAE,KAAK,IAAI,EAAE,CAAC;YACnF,OAAO,EAAE;gBACP,UAAU,EAAE,aAAa,EAAE,YAAY,EAAE,QAAQ,EAAE,MAAM,EAAE,UAAU,EAAE,oBAAoB;gBAC3F,GAAG,GAAG,CAAC,mBAAmB,EAAE,MAAM,EAAE,OAAO,IAAI,EAAE;aAClD;YACD,GAAG,GAAG,CAAC,mBAAmB,EAAE,MAAM;SACnC;QACD,MAAM,EAAE,
|
|
1
|
+
{"version":3,"file":"config.js","sourceRoot":"","sources":["../../src/utils/config.ts"],"names":[],"mappings":"AAEA,OAAO,EAAE,YAAY,EAAE,MAAM,aAAa,CAAA;AAC1C,OAAO,EAAE,iBAAiB,EAAE,iBAAiB,EAAE,MAAM,gBAAgB,CAAA;AACrE,OAAO,KAAK,IAAI,MAAM,MAAM,CAAA;AAE5B,MAAM,CAAC,MAAM,aAAa,GAAG,KAAK,EAAE,OAAgB,EAAE,SAAkB,EAA0B,EAAE;IAClG,MAAM,GAAG,GAAG,OAAO,CAAC,GAAG,CAAC,IAAI,CAAA;IAE5B,MAAM,aAAa,GAAkB;QACnC,GAAG,GAAG,CAAC,mBAAmB;QAC1B,OAAO,EAAE;YACP,GAAG,GAAG,CAAC,OAAO;YACd,GAAG,CAAC,GAAG,CAAC,mBAAmB,EAAE,OAAO,IAAI,EAAE,CAAC;SAC5C,CAAC,GAAG,CAAC,MAAM,CAAC,EAAE,CAAC,YAAY,CAAC,OAAO,EAAE,MAAM,CAAC,CAAC;QAC9C,MAAM,EAAE;YACN,KAAK,EAAE,CAAC,OAAO,EAAE,gBAAgB,EAAE,GAAG,GAAG,CAAC,mBAAmB,EAAE,MAAM,EAAE,KAAK,IAAI,EAAE,CAAC;YACnF,OAAO,EAAE;gBACP,UAAU,EAAE,aAAa,EAAE,YAAY,EAAE,QAAQ,EAAE,MAAM,EAAE,UAAU,EAAE,oBAAoB;gBAC3F,GAAG,GAAG,CAAC,mBAAmB,EAAE,MAAM,EAAE,OAAO,IAAI,EAAE;aAClD;YACD,kFAAkF;YAClF,CAAC,iBAAiB,CAAC,EAAE,CAAC,iBAAiB,CAAC;YACxC,GAAG,GAAG,CAAC,mBAAmB,EAAE,MAAM;SACnC;QACD,MAAM,EAAE;YACN,QAAQ,EAAE,SAAS,EAAE,gBAAgB,EAAE,iBAAiB;YACxD,GAAG,GAAG,CAAC,mBAAmB,EAAE,MAAM,IAAI,EAAE;SACzC;QACD,QAAQ,EAAE;YACR,GAAG,GAAG,CAAC,mBAAmB,EAAE,QAAQ;YACpC,eAAe,EAAE,EAAE,OAAO,EAAE,KAAK,EAAE;YACnC,qBAAqB;YACrB,eAAe;YACf,kEAAkE;YAClE,gCAAgC;YAChC,mBAAmB;YACnB,2DAA2D;YAC3D,KAAK;SACN;QACD,IAAI,EAAE;YACJ,IAAI,EAAE;gBACJ,MAAM,IAAI,CAAC,SAAS,CAAC,MAAM,IAAI,CAAC,WAAW,CAAC,GAAG,CAAC,WAAW,CAAC,KAAK,CAAC,EAAE,EAAE,OAAO,EAAE,EAAE,WAAW,EAAE,IAAI,EAAE,CAAC,CAAC;aACvG;SACF;KACF,CAAA;IAED,OAAO,aAAa,CAAA;AACtB,CAAC,CAAA"}
|
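--- a/package/package.json
+++ b/package/package.json
@@ -1,6 +1,6 @@
 {
 "name": "@owlmeans/server-oidc-provider",
-"version": "0.1.
+"version": "0.1.7",
 "license": "MIT",
 "type": "module",
 "scripts": {
@@ -23,7 +23,7 @@
 },
 "devDependencies": {
 "@owlmeans/dep-config": "workspace:*",
-"@owlmeans/context": "^0.1.
+"@owlmeans/context": "^0.1.7",
 "@types/bun": "^1.3.0",
 "@types/node": "^24.10.1",
 "@types/oidc-provider": "9.5.0",
@@ -36,13 +36,13 @@
 },
 "dependencies": {
 "@noble/hashes": "^1.5.0",
-"@owlmeans/client-entrypoint": "^0.1.
-"@owlmeans/config": "^0.1.
-"@owlmeans/context": "^0.1.
-"@owlmeans/oidc": "^0.1.
-"@owlmeans/route": "^0.1.
-"@owlmeans/server-api": "^0.1.
-"@owlmeans/server-context": "^0.1.
+"@owlmeans/client-entrypoint": "^0.1.7",
+"@owlmeans/config": "^0.1.7",
+"@owlmeans/context": "^0.1.7",
+"@owlmeans/oidc": "^0.1.7",
+"@owlmeans/route": "^0.1.7",
+"@owlmeans/server-api": "^0.1.7",
+"@owlmeans/server-context": "^0.1.7",
 "@scure/base": "^1.1.9",
 "jose": "6.2.3",
 "oidc-provider": "9.8.4"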
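--- a/package/src/iam.ts
+++ b/package/src/iam.ts
@@ -1,4 +1,40 @@
+import type { ClientMetadata, ResponseType } from 'oidc-provider'
+
+/** A registered OIDC client stored in the provider's Client adapter. */
+export interface OidcRegisteredClient {
+clientId: string
+secret: string
+/** The entity (realm) this client belongs to — used for identity scoping. */
+entityId?: string
+/** Application display name */
+name?: string
+redirectUris?: string[]
+grantTypes?: string[]
+responseTypes?: string[]
+scope?: string
+}
+
+/** Full oidc-provider ClientMetadata with our entity extension. */
+export type OidcClientMetadata = ClientMetadata & { entityId?: string; owlEntityId?: string }
+
+/** Convert an OidcRegisteredClient to the oidc-provider ClientMetadata shape. */
+export const toClientMetadata = (client: OidcRegisteredClient): OidcClientMetadata => ({
+client_id: client.clientId,
+client_secret: client.secret,
+redirect_uris: client.redirectUris ?? [],
+grant_types: client.grantTypes ?? ['authorization_code', 'refresh_token'],
+response_types: (client.responseTypes ?? ['code']) as ResponseType[],
+token_endpoint_auth_method: 'client_secret_basic',
+scope: client.scope ?? 'openid profile offline_access',
+owlEntityId: client.entityId,
+})
+
 /** Extension seam for IAM integration into the OIDC provider — Phase 2 fills this */
 export interface OidcProviderIamExtension {
-
+/** Convert a stored client record to oidc-provider ClientMetadata */
+toClientMetadata: typeof toClientMetadata
+/** Type of a stored client record */
+OidcRegisteredClient: OidcRegisteredClient
+/** Extended metadata type */
+OidcClientMetadata: OidcClientMetadata
 }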
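Review bot: `toClientMetadata` carries the realm in a custom `owlEntityId` property, but as far as I know oidc-provider discards client metadata it does not recognise unless the property is listed under `extraClientMetadata.properties`, and none of the `combineConfig` changes visible in this release register it. If that holds, the entity scoping promised on `OidcRegisteredClient.entityId` never reaches the loaded client, so confirm it and add `extraClientMetadata: { properties: ['owlEntityId'] }` to the provider configuration. `OidcClientMetadata` also declares an `entityId` field that the converter never sets; dropping it would avoid two names for one value. The doc comment on the converter should also say that a record omitting `grantTypes` or `scope` receives `refresh_token` and `offline_access`, so omission is not the least-privileged choice.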
package/src/index.ts
CHANGED
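--- a/package/src/service.ts
+++ b/package/src/service.ts
@@ -28,12 +28,15 @@ export const createOidcProviderService = (alias: string = DEFAULT_ALIAS): OidcPr
 ? name => context.service<OidcAdapterService>(cfg.adapterService!).instance(name)
 : undefined,
 
-findAccount: async (
+findAccount: async (kctx, id, token) => {
 const accountSrv = context.service<OidcAccountService>(
 cfg.accountService ?? OIDC_ACCOUNT_SERVICE
 )
 
-
+const clientId = (kctx as { oidc?: { client?: { clientId?: string } } })?.oidc?.client?.clientId
+?? (token as { clientId?: string } | undefined)?.clientId
+
+return accountSrv.loadById(context, id, { clientId })
 },
 
 interactions: {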
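Review bot: `clientId` can be `undefined` in `findAccount` when neither `kctx.oidc.client` nor `token` carries one, and the call still goes out as `loadById(context, id, { clientId })`, so whether permissions are withheld or returned unscoped is left to each account service. State the contract on `OidcAccountParams.clientId` in src/types.ts, for example `/** When absent, implementations must not emit client-scoped claims such as permissions. */`. That matters because the new parameter is optional, so existing `loadById` implementations compile unchanged while ignoring it. The two inline casts also bypass whatever types `@types/oidc-provider` gives the `findAccount` arguments; if those already expose `clientId`, using them would let the compiler check the access. The body of `createOidcProviderService` continues outside the hunk.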
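--- a/package/src/types.ts
+++ b/package/src/types.ts
@@ -35,8 +35,13 @@ export interface OidcConfig extends OidcSharedConfig {
 adapterService?: string
 }
 
+export interface OidcAccountParams {
+/** The OIDC client requesting the account — lets the account service scope claims (e.g. permissions) per client. */
+clientId?: string
+}
+
 export interface OidcAccountService extends InitializedService {
-loadById: <C extends Config, T extends Context<C>>(ctx: T, id: string) => Promise<Account | undefined>
+loadById: <C extends Config, T extends Context<C>>(ctx: T, id: string, params?: OidcAccountParams) => Promise<Account | undefined>
 }
 
 export interface OidcAdapterService extends InitializedService {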
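--- a/package/src/utils/config.ts
+++ b/package/src/utils/config.ts
@@ -1,6 +1,7 @@
 import type { Context } from '../types.js'
 import type { Configuration } from 'oidc-provider'
 import { updateClient } from './client.js'
+import { PERMISSIONS_CLAIM, PERMISSIONS_SCOPE } from '@owlmeans/oidc'
 import * as jose from 'jose'
 
 export const combineConfig = async (context: Context, _unsecure: boolean): Promise<Configuration> => {
@@ -18,9 +19,14 @@ export const combineConfig = async (context: Context, _unsecure: boolean): Promi
 'username', 'family_name', 'given_name', 'locale', 'name', 'nickname', 'preferred_username',
 ...cfg.customConfiguration?.claims?.profile ?? []
 ],
+// Inert unless the account service actually emits the claim (integrated IAM mode)
+[PERMISSIONS_SCOPE]: [PERMISSIONS_CLAIM],
 ...cfg.customConfiguration?.claims,
 },
-scopes: [
+scopes: [
+'openid', 'profile', 'offline_access', PERMISSIONS_SCOPE,
+...cfg.customConfiguration?.scopes ?? []
+],
 features: {
 ...cfg.customConfiguration?.features,
 devInteractions: { enabled: false }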
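Review bot: Adding `PERMISSIONS_SCOPE` to the provider-wide `scopes` list in the second hunk makes it requestable by every client whose metadata does not restrict `scope` (as far as I know oidc-provider treats a missing client `scope` as "all supported scopes"), while the comment on the claims entry covers only the case where the account service emits nothing. In integrated IAM mode the per-client decision then rests entirely on `loadById`, so extend the comment to say so, e.g. `// Inert unless the account service emits the claim; in IAM mode give each client an explicit scope allow-list`. A `claims` entry in `customConfiguration` keyed by the same scope replaces this mapping because the spread follows it, which is presumably intended but deserves a word in the same comment. `combineConfig` starts and ends outside these hunks.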