Add feature toggle to disable groups scope (#39)

* Update README.md Ad two to dos: - bool for scopes - "groups" scope configurable * Update README.md - Add scope bool to configuration options * Final Update for making scope "groups" optinal README: Add scope bool to configuration options Add two to dos: bool for scopes "groups" scope configurable config: Make scope "groups" a feature which can be deactivated init: Make the feature for the groups bool working in the scope variable * Remove double description * Update config.py
2025-02-14 19:03:14 +01:00
parent b39a65ff74
commit 29a2545396
3 changed files with 13 additions and 1 deletions
--- a/custom_components/auth_oidc/init.py
+++ b/custom_components/auth_oidc/init.py
@@ -20,6 +20,7 @@ from .config import (
    CLAIMS,
    ROLES,
    NETWORK,
+    FEATURES_INCLUDE_GROUPS_SCOPE,
 )

 # pylint: enable=useless-import-alias
@@ -53,7 +54,10 @@ async def async_setup(hass: HomeAssistant, config):
    _LOGGER.info("Registered OIDC provider")

    # We only use openid, profile & groups, never email
-    scope = "openid profile groups"
+    include_groups_scope = my_config[FEATURES].get(FEATURES_INCLUDE_GROUPS_SCOPE, True)
+    scope = "openid profile"
+    if include_groups_scope:
+        scope += " groups"

    oidc_client = oidc_client = OIDCClient(
        hass=hass,
--- a/custom_components/auth_oidc/config.py
+++ b/custom_components/auth_oidc/config.py
@@ -11,6 +11,7 @@ FEATURES = "features"
 FEATURES_AUTOMATIC_USER_LINKING = "automatic_user_linking"
 FEATURES_AUTOMATIC_PERSON_CREATION = "automatic_person_creation"
 FEATURES_DISABLE_PKCE = "disable_rfc7636"
+FEATURES_INCLUDE_GROUPS_SCOPE = "include_groups_scope"
 CLAIMS = "claims"
 CLAIMS_DISPLAY_NAME = "display_name"
 CLAIMS_USERNAME = "username"
@@ -56,6 +57,10 @@ CONFIG_SCHEMA = vol.Schema(
                        # Feature flag to disable PKCE to support OIDC servers that do not
                        # allow additional parameters and don't support RFC 7636
                        vol.Optional(FEATURES_DISABLE_PKCE): vol.Coerce(bool),
+                        # Make a bool which activates and deactivates scope 'groups'
+                        vol.Optional(
+                            FEATURES_INCLUDE_GROUPS_SCOPE, default=True
+                        ): vol.Coerce(bool),
                    }
                ),
                # Determine which specific claims will be used from the id_token