Add Additional Scopes to Maximize Functionality from Custom idP (#80)

* add additional scopes to config schema Keep original groups setting for backwards compatibility. * fix weird text issue * Add support for additional scopes in OIDC setup * fix compile error * Update documentation to include description of additional oidc scopes * clarify documentation
2025-07-09 02:55:37 -05:00
parent cb4d72a148
commit b4d5d7f2bf
3 changed files with 13 additions and 0 deletions
--- a/custom_components/auth_oidc/init.py
+++ b/custom_components/auth_oidc/init.py
@@ -17,6 +17,7 @@ from .config import (
    DISPLAY_NAME,
    ID_TOKEN_SIGNING_ALGORITHM,
    GROUPS_SCOPE,
+    ADDITIONAL_SCOPES,
    FEATURES,
    CLAIMS,
    ROLES,
@@ -66,6 +67,13 @@ async def async_setup(hass: HomeAssistant, config):
    groups_scope = my_config.get(GROUPS_SCOPE, "groups")
    if include_groups_scope:
        scope += " " + groups_scope
+    # Add additional scopes if configured
+    additional_scopes = my_config.get(ADDITIONAL_SCOPES, [])
+    if additional_scopes:
+        # Ensure we have a space before adding additional scopes
+        if scope:
+            scope += " "
+        scope += " ".join(additional_scopes)

    # Create the OIDC client
    oidc_client = oidc_client = OIDCClient(
--- a/custom_components/auth_oidc/config.py
+++ b/custom_components/auth_oidc/config.py
@@ -8,6 +8,7 @@ DISCOVERY_URL = "discovery_url"
 DISPLAY_NAME = "display_name"
 ID_TOKEN_SIGNING_ALGORITHM = "id_token_signing_alg"
 GROUPS_SCOPE = "groups_scope"
+ADDITIONAL_SCOPES = "additional_scopes"
 FEATURES = "features"
 FEATURES_AUTOMATIC_USER_LINKING = "automatic_user_linking"
 FEATURES_AUTOMATIC_PERSON_CREATION = "automatic_person_creation"
@@ -46,6 +47,9 @@ CONFIG_SCHEMA = vol.Schema(
                # String value to allow changing the groups scope
                # Defaults to 'groups' which is used by Authelia and Authentik
                vol.Optional(GROUPS_SCOPE, default="groups"): vol.Coerce(str),
+                # Additional scopes to request from the OIDC provider
+                # Optional, this field is unnecessary if you only use the openid and profile scopes.
+                vol.Optional(ADDITIONAL_SCOPES, default=[]): vol.Coerce(list[str]),
                # Which features should be enabled/disabled?
                # Optional, defaults to sane/secure defaults
                vol.Optional(FEATURES): vol.Schema(