Add scopes to OIDC configuration

This allows the CLI to retrieve custom scopes from the provider for use when performing the oauth exchange to generate a token. Custom scopes are useful, for example, when using the OIDC provider with Dex and Github in that it allows the preferred_username or federated_claims.user_id fields to be returned with the token for use in SSH certificate templates (ie. to identify a Github user via `extensions:login@github.com`).
1 month ago · e1e5bbbb03
parent d5758ba3a3
commit e1e5bbbb03
1 changed files with 1 additions and 0 deletions
--- a/authority/provisioner/oidc.go
+++ b/authority/provisioner/oidc.go
@ -92,6 +92,7 @@ type OIDC struct {
 	Groups                []string `json:"groups,omitempty"`
 	ListenAddress         string   `json:"listenAddress,omitempty"`
 	Claims                *Claims  `json:"claims,omitempty"`
+	Scopes                []string `json:"scopes,omitempty"`
 	Options               *Options `json:"options,omitempty"`
 	configuration         openIDConfiguration
 	keyStore              *keyStore