
Commit 85e8884

committed
add scope and authparam flags and parameters for OIDC
1 parent cae069c commit 85e8884


2 files changed

+26
-0
lines changed


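--- a/command/ca/provisioner/provisioner.go
+++ b/command/ca/provisioner/provisioner.go
@@ -605,6 +605,16 @@ Use the '--group' flag multiple times to configure multiple groups.`,
 Name: "tenant-id",
 Usage: `The <tenant-id> used to replace the templatized tenantid value in the OpenID Configuration.`,
 }
+oidcScopeFlag = cli.StringSliceFlag{
+Name: "scope",
+Usage: `The <scope> list used to validate the scopes extension in an OpenID Connect token.
+Use the '--scope' flag multiple times to configure multiple scopes.`,
+}
+oidcAuthParamFlag = cli.StringSliceFlag{
+Name: "auth-param",
+Usage: `The <auth-param> list used to validate the auth-params extension in an OpenID Connect token.
+Use the '--auth-param' flag multiple times to configure multiple auth-params.`,
+}
 
 // X5C provisioner flags
 x5cRootsFlag = cli.StringFlag{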
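Review bot: The flags added here have no `remove-scope` / `remove-auth-param` counterparts, yet update.go in this same commit advertises both in its usage text and reads them with `ctx.IsSet("remove-scope")` and `ctx.IsSet("remove-auth-param")` in updateOIDCDetails. Unless they are declared somewhere not shown on this page, the CLI will reject those options and an operator has no way to take an over-broad scope or auth-param off a provisioner once it is set. Define the two flags next to these and register them in update.go's flag list after `oidcAuthParamFlag`. Separately, the usage text says the values are used to "validate" a token extension, which nothing on this page shows; if they are only stored and sent with the authorization request, the wording should say so, so that nobody treats `--scope` as an access control. The enclosing var block starts and ends outside the hunk.

```go
// … unchanged: oidcScopeFlag, oidcAuthParamFlag …
oidcRemoveScopeFlag = cli.StringSliceFlag{
	Name: "remove-scope",
	Usage: `Remove the <scope> from the scope list of the provisioner.
Use the '--remove-scope' flag multiple times to remove multiple scopes.`,
}
oidcRemoveAuthParamFlag = cli.StringSliceFlag{
	Name: "remove-auth-param",
	Usage: `Remove the <auth-param> from the auth-param list of the provisioner.
Use the '--remove-auth-param' flag multiple times to remove multiple auth-params.`,
}
```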

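--- a/command/ca/provisioner/update.go
+++ b/command/ca/provisioner/update.go
@@ -51,6 +51,8 @@ OIDC
 [**--domain**=<domain>] [**--remove-domain**=<domain>]
 [**--group**=<group>] [**--remove-group**=<group>]
 [**--admin**=<email>]... [**--remove-admin**=<email>]...
+[**--scope**=<scope>] [**--remove-scope**=<scope>]
+[**--auth-param**=<auth-param>] [**--remove-auth-param**=<auth-param>]
 [**--admin-cert**=<file>] [**--admin-key**=<file>]
 [**--admin-subject**=<subject>] [**--admin-provisioner**=<name>] [**--admin-password-file**=<file>]
 [**--ca-url**=<uri>] [**--root**=<file>] [**--context**=<name>] [**--ca-config**=<file>]
@@ -112,6 +114,8 @@ SCEP
 oidcRemoveDomainFlag,
 oidcGroupFlag,
 oidcTenantIDFlag,
+oidcScopeFlag,
+oidcAuthParamFlag,
 
 // X5C Root Flag
 x5cRootsFlag,
@@ -791,6 +795,18 @@ func updateOIDCDetails(ctx *cli.Context, p *linkedca.Provisioner) error {
 }
 details.ConfigurationEndpoint = ce
 }
+if ctx.IsSet("remove-scope") {
+details.Scopes = removeElements(details.Scopes, ctx.StringSlice("remove-scope"))
+}
+if ctx.IsSet("scope") {
+details.Scopes = append(details.Scopes, ctx.StringSlice("scope")...)
+}
+if ctx.IsSet("remove-auth-param") {
+details.AuthParams = removeElements(details.AuthParams, ctx.StringSlice("remove-auth-param"))
+}
+if ctx.IsSet("auth-param") {
+details.AuthParams = append(details.AuthParams, ctx.StringSlice("auth-param")...)
+}
 return nil
 }
 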
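Review bot: The `--scope` and `--auth-param` branches in updateOIDCDetails append whatever the operator passes without checking for values already present or for empty strings, so re-running the same update grows `details.Scopes` and `details.AuthParams` with duplicate entries. Skip any value that is already in the slice (and any empty one) before appending, in both branches. If auth-params are expected in a particular form (presumably `key=value`, to be confirmed against the consumer of this field), rejecting malformed entries here with a returned error keeps a typo from being persisted into the provisioner configuration. A short comment such as `// removals are applied before additions, so a value passed to both flags ends up present` would also document the ordering these four blocks rely on. updateOIDCDetails starts outside the hunk.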