Introduced OAUTH2_SCOPE variable for the Oauth2 scope configuration. Fixes #6627

2025-02-03 04:00:55 -06:00 · 2021-08-31 14:36:14 +05:30 · 2021-08-31 14:36:14 +05:30 · d13d2c6dda
commit d13d2c6dda
parent 620e3a803d
5 changed files with 9 additions and 1 deletions
--- a/docs/en_US/oauth2.rst
+++ b/docs/en_US/oauth2.rst
@ -30,6 +30,7 @@ and modify the values for the following parameters:
    "OAUTH2_AUTHORIZATION_URL", "Endpoint for user authorization"
    "OAUTH2_API_BASE_URL", "Oauth2 base URL endpoint to make requests simple, ex: *https://api.github.com/*"
    "OAUTH2_USERINFO_ENDPOINT", "User Endpoint, ex: *user* (for github) and *useinfo* (for google)"
+    "OAUTH2_SCOPE", "Oauth scope, ex: 'openid email profile'. Note that an 'email' claim is required in the resulting profile."
    "OAUTH2_ICON", "The Font-awesome icon to be placed on the oauth2 button,  ex: fa-github"
    "OAUTH2_BUTTON_COLOR", "Oauth2 button color"
    "OAUTH2_AUTO_CREATE_USER", "Set the value to *True* if you want to automatically
--- a/docs/en_US/release_notes_5_7.rst
+++ b/docs/en_US/release_notes_5_7.rst
@ -31,6 +31,7 @@ Bug fixes
 | `Issue #6564 <https://redmine.postgresql.org/issues/6564>`_ -  Fixed an issue where columns with sequences get altered unnecessarily with a schema diff tool.
 | `Issue #6570 <https://redmine.postgresql.org/issues/6570>`_ -  Ensure that the lock panel should not be blocked for larger records.
 | `Issue #6572 <https://redmine.postgresql.org/issues/6572>`_ -  Partially fixes the data output panel display issue.
+| `Issue #6627 <https://redmine.postgresql.org/issues/6627>`_ -  Introduced OAUTH2_SCOPE variable for the Oauth2 scope configuration.
 | `Issue #6641 <https://redmine.postgresql.org/issues/6641>`_ -  Enables pgAdmin to retrieve user permissions in case of nested roles which helps to terminate the session for AWS RDS.
 | `Issue #6663 <https://redmine.postgresql.org/issues/6663>`_ -  Fixed no attribute '_asdict' error when connecting the database server.
 | `Issue #6668 <https://redmine.postgresql.org/issues/6668>`_ -  Fixed errors related to HTML tags shown in the error message for JSON editor.
--- a/web/config.py
+++ b/web/config.py
@ -710,6 +710,9 @@ OAUTH2_CONFIG = [
        'OAUTH2_API_BASE_URL': None,
        # Name of the Endpoint, ex: user
        'OAUTH2_USERINFO_ENDPOINT': None,
+        # Oauth scope, ex: 'openid email profile'
+        # Note that an 'email' claim is required in the resulting profile
+        'OAUTH2_SCOPE': None,
        # Font-awesome icon, ex: fa-github
        'OAUTH2_ICON': None,
        # UI button colour, ex: #0000ff
--- a/web/pgadmin/authenticate/oauth2.py
+++ b/web/pgadmin/authenticate/oauth2.py
@ -104,7 +104,9 @@ class OAuth2Authentication(BaseAuthentication):
                access_token_url=oauth2_config['OAUTH2_TOKEN_URL'],
                authorize_url=oauth2_config['OAUTH2_AUTHORIZATION_URL'],
                api_base_url=oauth2_config['OAUTH2_API_BASE_URL'],
-                client_kwargs={'scope': 'email profile'}
+                client_kwargs={'scope': oauth2_config.get(
+                    'OAUTH2_SCOPE', 'email profile')},
+
            )

    def get_source_name(self):
--- a/web/pgadmin/browser/tests/test_oauth2_with_mocking.py
+++ b/web/pgadmin/browser/tests/test_oauth2_with_mocking.py
@ -58,6 +58,7 @@ class Oauth2LoginMockTestCase(BaseTestGenerator):
                    'https://github.com/login/oauth/authorize',
                'OAUTH2_API_BASE_URL': 'https://api.github.com/',
                'OAUTH2_USERINFO_ENDPOINT': 'user',
+                'OAUTH2_SCOPE': 'email profile',
                'OAUTH2_ICON': 'fa-github',
                'OAUTH2_BUTTON_COLOR': '#3253a8',
            }