fix(oauth): `openid` scope is not added by default / add scope name and list in dashboard (close #3274)

2 weeks ago · 2a59407916
parent a8a625e967
commit 2a59407916
2 changed files with 7 additions and 1 deletions
--- a/2
+++ b/2
@ -1 +1 @@
-Subproject commit 5eff3fc6db5494ab34af67d66ea6bd51a8605fcc
+Subproject commit 8e8a68141a38b21fc8c343ec03306bb620468274
--- a/service/oauth/oauth.go
+++ b/service/oauth/oauth.go
@ -16,6 +16,7 @@ import (
 	"github.com/cloudreve/Cloudreve/v4/pkg/serializer"
 	"github.com/cloudreve/Cloudreve/v4/pkg/util"
 	"github.com/gin-gonic/gin"
+	"github.com/samber/lo"
 )

 type (
@ -90,6 +91,11 @@ func (s *GrantService) Get(c *gin.Context) (*GrantResponse, error) {
 		return nil, serializer.NewError(serializer.CodeParamErr, "Invalid scope requested", nil)
 	}

+	// Must have openid scope
+	if !lo.Contains(requestedScopes, types.ScopeOpenID) {
+		return nil, serializer.NewError(serializer.CodeParamErr, "openid scope required", nil)
+	}
+
 	// 3. Create/update grant
 	if err := oAuthClient.UpsertGrant(c, user.ID, app.ID, requestedScopes); err != nil {
 		return nil, serializer.NewError(serializer.CodeDBError, "Failed to create grant", err)