From e1ded0250c5f3e38e27c10a94e46c2d1d99acb85 Mon Sep 17 00:00:00 2001
From: horus
Date: Tue, 10 Oct 2023 18:27:26 +0800
Subject: [PATCH] feat: support additional OIDC parameters (#1567)

Co-authored-by: Sparkle <1284531+baurine@users.noreply.github.com>
---
 pkg/apiserver/user/sso/service.go | 12 ++++++++---
 pkg/config/dynamic_config.go | 2 ++
 .../api/models/config-ssocore-config.ts | 12 +++++++++++
 .../tidb-dashboard-client/swagger/spec.json | 6 ++++++
 .../apps/UserProfile/components/Form.SSO.tsx | 21 +++++++++++++++++++
 .../src/apps/UserProfile/translations/en.yaml | 2 ++
 .../src/apps/UserProfile/translations/zh.yaml | 2 ++
 .../tidb-dashboard-lib/src/client/models.ts | 12 +++++++++++
 8 files changed, 66 insertions(+), 3 deletions(-)

diff --git a/pkg/apiserver/user/sso/service.go b/pkg/apiserver/user/sso/service.go
index 3aae6c9818..fb75800126 100644
--- a/pkg/apiserver/user/sso/service.go
+++ b/pkg/apiserver/user/sso/service.go
@@ -325,14 +325,20 @@ func (s *Service) buildOAuth2Config(redirectURL string) (*oauth2.Config, error)
 if !dc.SSO.CoreConfig.Enabled {
 return nil, ErrBadConfig.New("SSO is not enabled")
 }
+ scopes := []string{"openid", "profile", "email"}
+ if len(dc.SSO.CoreConfig.Scopes) > 0 {
+ userSupplied := strings.Split(dc.SSO.CoreConfig.Scopes, " ")
+ scopes = append(scopes, userSupplied...)
+ }
 return &oauth2.Config{
- ClientID: dc.SSO.CoreConfig.ClientID,
- RedirectURL: redirectURL,
+ ClientID: dc.SSO.CoreConfig.ClientID,
+ ClientSecret: dc.SSO.CoreConfig.ClientSecret,
+ RedirectURL: redirectURL,
 Endpoint: oauth2.Endpoint{
 AuthURL: dc.SSO.AuthURL,
 TokenURL: dc.SSO.TokenURL,
 },
- Scopes: []string{"openid", "profile", "email"},
+ Scopes: scopes,
 }, nil
 }
 
diff --git a/pkg/config/dynamic_config.go b/pkg/config/dynamic_config.go
index dcbd654f86..aed07cfd83 100644
--- a/pkg/config/dynamic_config.go
+++ b/pkg/config/dynamic_config.go
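Review bot: `strings.Split(dc.SSO.CoreConfig.Scopes, " ")` in the new scope-merging block of buildOAuth2Config yields empty entries for leading, trailing or repeated spaces and does not drop duplicates of the three defaults, so the `scope` parameter sent to the identity provider can be malformed or repeat `openid`. `scopes = append(scopes, strings.Fields(dc.SSO.CoreConfig.Scopes)...)` handles the whitespace cases and makes the `len(...) > 0` guard unnecessary. The configured value is also passed through unchecked, so anyone who can edit the SSO config decides which scopes the dashboard requests for this client; a comment such as `// Extra scopes are operator-supplied; keep them to what sign-in needs.` or a small allow-list would make that explicit. The opening lines of buildOAuth2Config are outside the hunk.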
@@ -47,7 +47,9 @@ type ProfilingConfig struct {
 type SSOCoreConfig struct {
 Enabled bool `json:"enabled"`
 ClientID string `json:"client_id"`
+ ClientSecret string `json:"client_secret"`
 DiscoveryURL string `json:"discovery_url"`
+ Scopes string `json:"scopes"`
 IsReadOnly bool `json:"is_read_only"`
 }
 
diff --git a/ui/packages/tidb-dashboard-client/src/client/api/models/config-ssocore-config.ts b/ui/packages/tidb-dashboard-client/src/client/api/models/config-ssocore-config.ts
index 059f5ea88d..9e2e342c07 100644
--- a/ui/packages/tidb-dashboard-client/src/client/api/models/config-ssocore-config.ts
+++ b/ui/packages/tidb-dashboard-client/src/client/api/models/config-ssocore-config.ts
@@ -26,6 +26,12 @@ export interface ConfigSSOCoreConfig {
 * @memberof ConfigSSOCoreConfig
 */
 'client_id'?: string;
+ /**
+ *
+ * @type {string}
+ * @memberof ConfigSSOCoreConfig
+ */
+ 'client_secret'?: string;
 /**
 *
 * @type {string}
@@ -44,5 +50,11 @@ export interface ConfigSSOCoreConfig {
 * @memberof ConfigSSOCoreConfig
 */
 'is_read_only'?: boolean;
+ /**
+ *
+ * @type {string}
+ * @memberof ConfigSSOCoreConfig
+ */
+ 'scopes'?: string;
 }
 
diff --git a/ui/packages/tidb-dashboard-client/swagger/spec.json b/ui/packages/tidb-dashboard-client/swagger/spec.json
index 1ceea8bb6b..1e6ab9ce16 100644
--- a/ui/packages/tidb-dashboard-client/swagger/spec.json
+++ b/ui/packages/tidb-dashboard-client/swagger/spec.json
@@ -3828,6 +3828,9 @@
 "client_id": {
 "type": "string"
 },
+ "client_secret": {
+ "type": "string"
+ },
 "discovery_url": {
 "type": "string"
 },
@@ -3836,6 +3839,9 @@
 },
 "is_read_only": {
 "type": "boolean"
+ },
+ "scopes": {
+ "type": "string"
 }
 }
 },
diff --git a/ui/packages/tidb-dashboard-lib/src/apps/UserProfile/components/Form.SSO.tsx b/ui/packages/tidb-dashboard-lib/src/apps/UserProfile/components/Form.SSO.tsx
index 2e8e74c3c4..d3615aa11f 100755
--- a/ui/packages/tidb-dashboard-lib/src/apps/UserProfile/components/Form.SSO.tsx
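Review bot: `ClientSecret` is added to `SSOCoreConfig` with an ordinary `json:"client_secret"` tag, so the OIDC client credential is marshalled wherever this struct is. The same commit adds `client_secret` to the generated `ConfigSSOCoreConfig` model and the swagger spec, which suggests the SSO config read endpoint returns the secret to the browser. If so, the handler (not visible in this diff) should blank the field before responding and treat an empty value on update as "keep the stored secret". At minimum the field deserves a comment, e.g. `// ClientSecret is the OIDC client credential; never log it or return it from read endpoints.` `Scopes` would also benefit from a comment saying it is a space-separated list appended to the default scopes.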
+++ b/ui/packages/tidb-dashboard-lib/src/apps/UserProfile/components/Form.SSO.tsx @@ -257,6 +257,27 @@ export function SSOForm() { style={DEFAULT_FORM_ITEM_STYLE} /> + + + + + +