rancher / dashboard

The Rancher UI
https://rancher.com
Apache License 2.0
465 stars 264 forks source link

Generic OIDC group scope is not sent in the request formed by the UI #12477

Open gaktive opened 1 month ago

gaktive commented 1 month ago

Internal reference: SURE-9143 Reported in 2.9.2

Issue description: Despite adding the "groups" scope in the OIDC config, the request that is generated is not including the "groups" scope.

Repro steps: OIDC configured and checked the generated request.

Workaround: None

Actual behavior: The request does not contain the group scope despite being configured.

Expected behavior: Expect the generated request to contain the group scope.

@mantis-toboggan-md was able to reproduce this issue and confirm it is a UI bug:

The UI ignores configured scopes and always uses the values configured here https://github.com/rancher/dashboard/blob/master/shell/store/auth.js#L16. Likely, we need to update the redirectTo method in that file to fetch the genericoidc authconfig object and use its scope field to construct the redirect url, instead of that list of defaults.

gaktive commented 3 weeks ago

/backport v2.10.1