Make OIDC scope configurable

[ricardojdsilva87]

Hello,
I'm currently having an issue connecting to OIDC using the latest plugin version.

This is the request (URL and client_id hidden)
https://*******************?response_type=code&redirect_uri=https%3A%2F%2F*****************%2Foauth2%2Fcallback%2Foidc&state=kan17me88daf0t5rbh43s3btph&client_id=**************&scope=openid+email+profile

This is the response:
https://*******************/oauth2/callback/oidc?error_description=The+requested+scope+is+invalid%2C+unknown%2C+malformed%2C+or+exceeds+that+which+the+client+is+permitted+to+request.&state=kan17me88daf0t5rbh43s3btph&error=invalid_scope

I have looked into the configuration on the sonarqube plugin and there is no option to select only a few scopes. Currently the oidc I'm connecting to is configured to accept only iodc connections. Is there a way we can select which scopes would be called?
As I can see this scope is default in most of the source files:

sonar-auth-oidc/src/test/java/org/vaulttec/sonarqube/auth/oidc/OidcClientTest.java

Line 64 in 6038f1a

assertEquals("invalid scope", Scope.parse("openid email profile"), request.getScope());

Thanks for the help

[tjuerge]

The additional scopes configuration (introduced in #16) was replaced by all scopes used in authorization request:

In this scopes configuration you can remove all but the required 'openid' scope.

[ricardojdsilva87]

Thanks for the reply! Meanwhile we have integrated our application using a github plugin. The login uses OIDC via github that is already integrated. We'll have a 2nd option if meanwhile we have to take out Github out of the way.