From 74887baa86bd0eb6f6fcd21f5e14fde79a65516e Mon Sep 17 00:00:00 2001
From: myml <wurongjie1@gmail.com>
Date: Tue, 12 Apr 2022 12:14:02 +0800
Subject: [PATCH] feat(auth): OAuth2 scope support (#5181)

---
 server/modules/authentication/oauth2/authentication.js | 3 ++-
 server/modules/authentication/oauth2/definition.yml    | 5 +++++
 2 files changed, 7 insertions(+), 1 deletion(-)

diff --git a/server/modules/authentication/oauth2/authentication.js b/server/modules/authentication/oauth2/authentication.js
index 414de7a9..1ac9901b 100644
--- a/server/modules/authentication/oauth2/authentication.js
+++ b/server/modules/authentication/oauth2/authentication.js
@@ -17,7 +17,8 @@ module.exports = {
       clientSecret: conf.clientSecret,
       userInfoURL: conf.userInfoURL,
       callbackURL: conf.callbackURL,
-      passReqToCallback: true
+      passReqToCallback: true,
+      scope: conf.scope
     }, async (req, accessToken, refreshToken, profile, cb) => {
       try {
         const user = await WIKI.models.users.processProfile({
diff --git a/server/modules/authentication/oauth2/definition.yml b/server/modules/authentication/oauth2/definition.yml
index 3774a2d4..38d13901 100644
--- a/server/modules/authentication/oauth2/definition.yml
+++ b/server/modules/authentication/oauth2/definition.yml
@@ -59,3 +59,8 @@ props:
     title: Logout URL
     hint: (optional) Logout URL on the OAuth2 provider where the user will be redirected to complete the logout process.
     order: 9
+  scope:
+    type: String
+    title: Scope
+    hint: (optional) Application Client permission scopes.
+    order: 10