Add oidc scope configuration option (#5926)

Author: carlesarnal

app/src/main/java/io/apicurio/registry/ui/config/UiConfigProperties.java

@@ -93,6 +93,11 @@ public class UiConfigProperties {
     @Info(category = "ui", description = "UI auth OIDC redirect URL", availableSince = "2.2.6.Final")
     String oidcRedirectUri;
 
+    @Inject
+    @ConfigProperty(name = "registry.ui.config.auth.oidc.scope", defaultValue = "openid profile email")
+    @Info(category = "ui", description = "UI auth OIDC scope value", availableSince = "2.6.8.Final")
+    String scope;
+
     private final Map<String, Object> keycloakConfig;
 
     /**
@@ -162,4 +167,8 @@ public String getOidcClientId() {
     public String getOidcRedirectUrl() {
         return oidcRedirectUri;
     }
+
+    public String getScope() {
+        return scope;
+    }
 }

app/src/main/java/io/apicurio/registry/ui/servlets/ConfigJsServlet.java

@@ -113,6 +113,7 @@ private void configureAuth(ConfigJs config) {
                 config.auth.options.put("clientId", uiConfig.getOidcClientId());
                 config.auth.options.put("url", uiConfig.getOidcUrl());
                 config.auth.options.put("redirectUri", uiConfig.getOidcRedirectUrl());
+                config.auth.options.put("scope", uiConfig.getScope());
             }
 
             config.auth.rbacEnabled = authConfig.isRbacEnabled();

app/src/main/resources/application.properties

@@ -78,6 +78,7 @@ registry.ui.config.auth.keycloak.onLoad=login-required
 registry.ui.config.auth.oidc.url=${REGISTRY_AUTH_URL_CONFIGURED:http://localhost:8090}
 registry.ui.config.auth.oidc.client-id=${REGISTRY_OIDC_UI_CLIENT_ID:default_client}
 registry.ui.config.auth.oidc.redirect-url=${REGISTRY_OIDC_UI_REDIRECT_URL:http://localhost:8080}
+registry.ui.config.auth.oidc.scope=${REGISTRY_OIDC_UI_SCOPE:openid email profile}
 
 
 quarkus.http.non-application-root-path=/

docs/modules/ROOT/partials/getting-started/ref-registry-all-configs.adoc

@@ -737,6 +737,11 @@ The following {registry} configuration options are available for each component
 |`none`
 |`2.2.6.Final`
 |UI auth OIDC redirect URL
+|`registry.ui.config.auth.oidc.scope`
+|`string`
+|`openid profile email`
+|`2.6.8.Final`
+|UI auth OIDC scope value
 |`registry.ui.config.auth.oidc.url`
 |`string`
 |`none`

ui/src/services/auth/auth.service.ts

@@ -6,7 +6,7 @@ import { LoggerService } from "../logger";
 import { UsersService } from "../users";
 import { User, UserManager, UserManagerSettings } from "oidc-client-ts";
 
-const KC_CONFIG_OPTIONS: string[] = ["url", "realm", "clientId", "redirectUri"];
+const KC_CONFIG_OPTIONS: string[] = ["url", "realm", "clientId", "redirectUri", "scope"];
 const KC_INIT_OPTIONS: string[] = [
     "useNonce", "adapter", "onLoad", "token", "refreshToken", "idToken", "timeSkew", "checkLoginIframe",
     "checkLoginIframeInterval", "responseMode", "redirectUri", "silentCheckSsoRedirectUri", "flow",
@@ -126,9 +126,8 @@ export class AuthService implements Service {
             client_id: configOptions.clientId,
             redirect_uri: configOptions.redirectUri,
             response_type: "code",
-            scope: "openid profile email",
-            filterProtocolClaims: true,
-            loadUserInfo: true
+            scope: configOptions.scope,
+            filterProtocolClaims: true
         };
     }