From 70b85a649e835cc98327813ffde9ade11621ac81 Mon Sep 17 00:00:00 2001
From: martipoe <130643472+martipoe@users.noreply.github.com>
Date: Wed, 18 Sep 2024 17:53:56 +0200
Subject: [PATCH] fix: define claims and scopes for data required by application settings, add grant type for debugging, require client secret from application before providing authorization_code, include claims in token

---
 .ddev/docker-compose.oidc-server-mock.yaml | 21 ++++++++++++---------
 1 file changed, 12 insertions(+), 9 deletions(-)

diff --git a/.ddev/docker-compose.oidc-server-mock.yaml b/.ddev/docker-compose.oidc-server-mock.yaml
index 39a03d9..f7ffa8c 100644
--- a/.ddev/docker-compose.oidc-server-mock.yaml
+++ b/.ddev/docker-compose.oidc-server-mock.yaml
@@ -27,15 +27,11 @@ services:
 {
 "AutomaticRedirectAfterSignOut": true
 }
- API_SCOPES_INLINE: |
+ IDENTITY_RESOURCES_INLINE: |
 - Name: avatar
- API_RESOURCES_INLINE: |
- - Name: authentik
- Scopes:
- - openid
- - profile
- - email
+ ClaimTypes:
 - avatar
+ - username
 USERS_CONFIGURATION_INLINE: |
 [
 {
@@ -53,9 +49,14 @@ services:
 "Value": "test.user@example.org",
 "ValueType": "string"
 },
+ {
+ "Type": "username",
+ "Value": "User1",
+ "ValueType": "string"
+ },
 {
 "Type": "avatar",
- "Value": "Test's Api Resource Custom Claim",
+ "Value": "test",
 "ValueType": "string"
 }
 ]
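Review bot: The identity resource that keeps the name `avatar` on the `- Name: avatar` context line now also carries the `username` claim under the added `ClaimTypes:` block, so a client requesting the `avatar` scope receives a claim the scope name does not announce. A resource name covering both claims, or a second resource so each scope maps to the claim it is named after, would keep the scope self-describing; the client's `AllowedScopes` in the later hunk lists `avatar` and would need the matching rename. Removing `API_RESOURCES_INLINE` also drops the `authentik` API resource and its `openid`/`profile`/`email` scope list entirely, which is fine only if the client needs identity scopes alone — the commit message does not say, so a one-line YAML comment next to `IDENTITY_RESOURCES_INLINE` stating that the mock exposes no API resources would save the next reader the question.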
@@ -67,13 +68,15 @@ services:
 "ClientId": "authentik-mock-client",
 "ClientSecrets": ["authentik-mock-client-secret"],
 "Description": "Client for authentik credentials flow",
- "AllowedGrantTypes": ["authorization_code"],
+ "AllowedGrantTypes": ["authorization_code", "password"],
 "RequirePkce": false,
 "AllowAccessTokensViaBrowser": true,
 "RedirectUris": ["https://xima-oauth2-extended.ddev.site/typo3/login?loginProvider=1616569531&oauth2-provider=authentik&login_status=login&commandLI=attempt"],
 "AllowedScopes": ["openid", "profile", "email", "avatar"],
 "IdentityTokenLifetime": 3600,
 "AccessTokenLifetime": 3600,
+ "RequireClientSecret": true,
+ "AlwaysIncludeUserClaimsInIdToken": true,
 }
 ]
 ASPNET_SERVICES_OPTIONS_INLINE: |
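Review bot: The `password` grant added on the `"AllowedGrantTypes"` line enables the resource-owner password credentials flow, which the OAuth 2.0 Security BCP deprecates because the client handles the user's raw credentials; the commit message calls it a debugging aid, but nothing in the file records that, so it is likely to survive into any configuration copied from this mock. A YAML comment above the `..._INLINE` key that opens this JSON block scalar (the key starts outside the hunk, and a `#` line inside the block scalar would be handed to the JSON parser as data) such as `# "password" grant is for local debugging only; drop it before reusing this client definition` would make the intent explicit, and the grant can be removed outright once debugging is done since `RequireClientSecret` and `authorization_code` cover the real flow. Separately, the new last property `"AlwaysIncludeUserClaimsInIdToken": true,` inherits the trailing comma that already sat after `"AccessTokenLifetime": 3600,`; a strict RFC 8259 parser rejects it, so if the mock's config parser is strict the client list fails to load — worth dropping the comma while touching the line. The pre-existing `"RequirePkce": false` and `"AllowAccessTokensViaBrowser": true` are untouched here and remain the looser defaults for this client.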