forked from gitea/gitea
870f5fbc41
* Add groups scope/claim to OICD/OAuth2 Add support for groups claim as part of the OIDC/OAuth2 flow. Groups is a list of "org" and "org:team" strings to allow clients to authorize based on the groups a user is part of. Signed-off-by: Nico Schieder <code@nico-schieder.de> Co-authored-by: zeripath <art27@cantab.net> Co-authored-by: wxiaoguang <wxiaoguang@gmail.com>
50 lines
1.2 KiB
Handlebars
50 lines
1.2 KiB
Handlebars
{
|
|
"issuer": "{{AppUrl | JSEscape | Safe}}",
|
|
"authorization_endpoint": "{{AppUrl | JSEscape | Safe}}login/oauth/authorize",
|
|
"token_endpoint": "{{AppUrl | JSEscape | Safe}}login/oauth/access_token",
|
|
"jwks_uri": "{{AppUrl | JSEscape | Safe}}login/oauth/keys",
|
|
"userinfo_endpoint": "{{AppUrl | JSEscape | Safe}}login/oauth/userinfo",
|
|
"introspection_endpoint": "{{AppUrl | JSEscape | Safe}}login/oauth/introspect",
|
|
"response_types_supported": [
|
|
"code",
|
|
"id_token"
|
|
],
|
|
"id_token_signing_alg_values_supported": [
|
|
"{{.SigningKey.SigningMethod.Alg | JSEscape | Safe}}"
|
|
],
|
|
"subject_types_supported": [
|
|
"public"
|
|
],
|
|
"scopes_supported": [
|
|
"openid",
|
|
"profile",
|
|
"email",
|
|
"groups"
|
|
],
|
|
"claims_supported": [
|
|
"aud",
|
|
"exp",
|
|
"iat",
|
|
"iss",
|
|
"sub",
|
|
"name",
|
|
"preferred_username",
|
|
"profile",
|
|
"picture",
|
|
"website",
|
|
"locale",
|
|
"updated_at",
|
|
"email",
|
|
"email_verified",
|
|
"groups"
|
|
],
|
|
"code_challenge_methods_supported": [
|
|
"plain",
|
|
"S256"
|
|
],
|
|
"grant_types_supported": [
|
|
"authorization_code",
|
|
"refresh_token"
|
|
]
|
|
}
|