added support to set default scopes to static clients

Signed-off-by: Denis Khachyan <khachyanda@gmail.com>
2 years ago · 2a81398656
2 changed files with 13 additions and 0 deletions
--- a/server/oauth2.go
+++ b/server/oauth2.go
@ -17,6 +17,7 @@ import (
 	"net"
 	"net/http"
 	"net/url"
+	"slices"
 	"strconv"
 	"strings"
 	"time"
@ -524,6 +525,15 @@ func (s *Server) parseAuthorizationRequest(r *http.Request) (*storage.AuthReques
 		unrecognized  []string
 		invalidScopes []string
 	)
+
+	if len(client.DefaultScopes) > 0 {
+		for _, scope := range client.DefaultScopes {
+			if !slices.Contains(scopes, scope) {
+				scopes = append(scopes, scope)
+			}
+		}
+	}
+
 	hasOpenIDScope := false
 	for _, scope := range scopes {
 		switch scope {
--- a/storage/storage.go
+++ b/storage/storage.go
@ -171,6 +171,9 @@ type Client struct {
 	// Name and LogoURL used when displaying this client to the end user.
 	Name    string `json:"name" yaml:"name"`
 	LogoURL string `json:"logoURL" yaml:"logoURL"`
+
+	// The set of OAuth2 scopes requested by default.
+	DefaultScopes []string `json:"defaultScopes" yaml:"defaultScopes"`
 }

 // Claims represents the ID Token claims supported by the server.