feat: configurable defaultClientScopes (#164)

chart/templates/uds-package.yaml

@@ -14,6 +14,11 @@ spec:
       redirectUris:
         - "https://{{ .Values.subdomain }}.{{ .Values.domain }}/*"
       defaultClientScopes:
+      {{- if .Values.sso.defaultClientScopes }}
+        {{- range .Values.sso.defaultClientScopes }}
+          - "{{ . }}"
+        {{- end }}
+      {{- else }}
         - "openid"
         {{ if eq .Values.sso.protocol "gitlab" }}
         - "mapper-oidc-username-username"
@@ -24,6 +29,7 @@ spec:
         - "profile"
         - "email"
         {{ end }}
+      {{- end }}
 
       secretName: {{ .Values.sso.secretName }}
       secretTemplate:

chart/values.yaml

@@ -36,6 +36,9 @@ sso:
   protocol: "gitlab"
   secretName: mattermost-sso
 
+  # This will replace the current list of default client scopes.
+  defaultClientScopes: {}
+
   # These should typically be disabled if SSO is enabled
   enable_sign_up_with_email: false
   enable_sign_in_with_email: false