fix: define claims and scopes for data required by application settin…
…gs, add grant type for debugging, require client secret from application before providing authorization_code, include claims in token
martipoe committed Sep 18, 2024
1 parent e68e54a commit 70b85a6
Showing 1 changed file with 12 additions and 9 deletions.
21 changes: 12 additions & 9 deletions .ddev/docker-compose.oidc-server-mock.yaml
Expand Up @@ -27,15 +27,11 @@ services:
{
"AutomaticRedirectAfterSignOut": true
}
API_SCOPES_INLINE: |
IDENTITY_RESOURCES_INLINE: |
- Name: avatar
API_RESOURCES_INLINE: |
- Name: authentik
Scopes:
- openid
- profile
- email
ClaimTypes:
- avatar
- username
USERS_CONFIGURATION_INLINE: |
[
{
Expand All @@ -53,9 +49,14 @@ services:
"Value": "test.user@example.org",
"ValueType": "string"
},
{
"Type": "username",
"Value": "User1",
"ValueType": "string"
},
{
"Type": "avatar",
"Value": "Test's Api Resource Custom Claim",
"Value": "test",
"ValueType": "string"
}
]
Expand All @@ -67,13 +68,15 @@ services:
"ClientId": "authentik-mock-client",
"ClientSecrets": ["authentik-mock-client-secret"],
"Description": "Client for authentik credentials flow",
"AllowedGrantTypes": ["authorization_code"],
"AllowedGrantTypes": ["authorization_code", "password"],
"RequirePkce": false,
"AllowAccessTokensViaBrowser": true,
"RedirectUris": ["https://xima-oauth2-extended.ddev.site/typo3/login?loginProvider=1616569531&oauth2-provider=authentik&login_status=login&commandLI=attempt"],
"AllowedScopes": ["openid", "profile", "email", "avatar"],
"IdentityTokenLifetime": 3600,
"AccessTokenLifetime": 3600,
"RequireClientSecret": true,
"AlwaysIncludeUserClaimsInIdToken": true,
}
]
ASPNET_SERVICES_OPTIONS_INLINE: |
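Review bot: The `password` grant is added to `AllowedGrantTypes` on `authentik-mock-client`, the same client that already carries `"RequirePkce": false` and `"AllowAccessTokensViaBrowser": true`, so the resource-owner password flow stays permanently enabled on the client the normal login path uses, even though the commit message describes it as a debugging aid. I would keep this client at `"AllowedGrantTypes": ["authorization_code"]` and put the password grant on a separate, clearly named debug client, or at least state next to the clients block that the setting is mock-only and must not be mirrored in a real provider configuration. Separately, the line `"AlwaysIncludeUserClaimsInIdToken": true,` ends with a comma directly before the closing `}`, which strict JSON parsers reject; dropping the comma avoids depending on a lenient parser. Which lines are added and which are removed is inferred here, since the page lost its `+`/`-` markers, and the clients block begins above the visible lines.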
