From f1670f99a03a09e1cf10a852c9016cf5a7a4c2ae Mon Sep 17 00:00:00 2001 From: Michael Kruggel <108417058+Michael-Kruggel@users.noreply.github.com> Date: Wed, 13 Nov 2024 14:01:23 -0700 Subject: [PATCH] feat: configurable defaultClientScopes (#164) --- chart/templates/uds-package.yaml | 6 ++++++ chart/values.yaml | 3 +++ 2 files changed, 9 insertions(+) diff --git a/chart/templates/uds-package.yaml b/chart/templates/uds-package.yaml index 786bbffd..33fff11d 100644 --- a/chart/templates/uds-package.yaml +++ b/chart/templates/uds-package.yaml @@ -14,6 +14,11 @@ spec: redirectUris: - "https://{{ .Values.subdomain }}.{{ .Values.domain }}/*" defaultClientScopes: + {{- if .Values.sso.defaultClientScopes }} + {{- range .Values.sso.defaultClientScopes }} + - "{{ . }}" + {{- end }} + {{- else }} - "openid" {{ if eq .Values.sso.protocol "gitlab" }} - "mapper-oidc-username-username" @@ -24,6 +29,7 @@ spec: - "profile" - "email" {{ end }} + {{- end }} secretName: {{ .Values.sso.secretName }} secretTemplate: diff --git a/chart/values.yaml b/chart/values.yaml index 8299b7e5..fd26bcc3 100644 --- a/chart/values.yaml +++ b/chart/values.yaml @@ -36,6 +36,9 @@ sso: protocol: "gitlab" secretName: mattermost-sso + # This will replace the current list of default client scopes. + defaultClientScopes: {} + # These should typically be disabled if SSO is enabled enable_sign_up_with_email: false enable_sign_in_with_email: false
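Review bot: The new `range` branch in chart/templates/uds-package.yaml writes each scope as `- "{{ . }}"`, so a value containing a double quote or backslash renders as broken or altered YAML; `- {{ . | quote }}` escapes it. Setting `sso.defaultClientScopes` also skips the whole `else` branch, including `openid` and the protocol-specific mapper scopes, so an override that omits them presumably changes which claims the client's tokens carry. A template comment such as `{{- /* override replaces the full list, including openid */}}` would make that visible, and since these scopes are granted to the SSO client by default, the override is best kept as narrow as the deployment needs. The enclosing `spec` block starts and ends outside the hunk.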
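Review bot: The default `defaultClientScopes: {}` in chart/values.yaml is an empty map, but the template iterates the value as a list of scope names, so the default should be `defaultClientScopes: []`. With a map default, a values file that supplies a list overrides a table with a non-table, which Helm typically reports as a coalesce warning, and a user who copies the default's shape into a map would get the map's values, not its keys, emitted as scopes. The comment above it could also say exactly what is replaced, e.g. `# Replaces the entire default list, including "openid" and the protocol-specific scopes.` The `sso` mapping continues outside the hunk.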