mart-w/kanidm
1
0
Fork 0
mirror of https://github.com/kanidm/kanidm.git synced 2025-02-23 04:27:02 +01:00
Code Issues Actions 16 Packages Projects Releases Wiki Activity

chore: Made oauth2 scopes required in CLI (#3165)

Browse source
This commit is contained in:
CEbbinghaus 2024-11-01 12:59:27 +11:00 committed by GitHub
parent cc7530aa65
commit 1b58e4169a
No known key found for this signature in database
GPG key ID: B5690EEEBB952194
2 changed files with 7 additions and 3 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

8
book/src/integrations/oauth2.md
View file

@ -210,7 +210,7 @@ You can create a scope map with:
```bash
kanidm system oauth2 update-scope-map <name> <kanidm_group_name> [scopes]...
kanidm system oauth2 update-scope-map nextcloud nextcloud_admins admin
kanidm system oauth2 update-scope-map nextcloud nextcloud_users email profile openid
```
> [!TIP]
@ -225,13 +225,17 @@ kanidm system oauth2 update-scope-map nextcloud nextcloud_admins admin
> - **email** - email, email_verified
> - **address** - address
> - **phone** - phone_number, phone_number_verified
> - **groups** - groups
<!-- this is just to split the templates up -->
> [!WARNING]
>
> If you are creating an OpenID Connect (OIDC) client you **MUST** provide a scope map named
> If you are creating an OpenID Connect (OIDC) client you **MUST** provide a scope map containing
> `openid`. Without this, OpenID Connect clients **WILL NOT WORK**!
> ```bash
> kanidm system oauth2 update-scope-map nextcloud nextcloud_users openid
> ```
You can create a supplemental scope map with:

2
tools/cli/src/opt/kanidm.rs
View file

@ -943,7 +943,7 @@ pub struct Oauth2CreateScopeMapOpt {
nopt: Named,
#[clap(name = "group")]
group: String,
#[clap(name = "scopes")]
#[clap(name = "scopes", required = true)]
scopes: Vec<String>,
}