Closed ricardojdsilva87 closed 4 years ago
The additional scopes configuration (introduced in #16) was replaced by all scopes used in the authorization request:
In this scopes configuration you can remove all but the required 'openid' scope.
Thanks for the reply! Meanwhile we have integrated our application using a GitHub plugin. The login uses OIDC via GitHub, which is already integrated. We'll have a 2nd option if meanwhile we have to take GitHub out of the way.
Hello, I'm currently having an issue connecting to OIDC using the latest plugin version.
This is the request (URL and client_id hidden):
https://*******************?response_type=code&redirect_uri=https%3A%2F%2F*****************%2Foauth2%2Fcallback%2Foidc&state=kan17me88daf0t5rbh43s3btph&client_id=**************&scope=openid+email+profile
This is the response:
https://*******************/oauth2/callback/oidc?error_description=The+requested+scope+is+invalid%2C+unknown%2C+malformed%2C+or+exceeds+that+which+the+client+is+permitted+to+request.&state=kan17me88daf0t5rbh43s3btph&error=invalid_scope
I have looked into the configuration of the SonarQube plugin and there is no option to select only a few scopes. Currently the OIDC I'm connecting to is configured to accept only OIDC connections. Is there a way we can select which scopes would be called? As far as I can see, this scope is the default in most of the source files: https://github.com/vaulttec/sonar-auth-oidc/blob/6038f1aca832a7050e3b0454d780deb60e57ed34/src/test/java/org/vaulttec/sonarqube/auth/oidc/OidcClientTest.java#L64
Thanks for the help
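
The request and error response quoted in this issue, reproduced as an added example (not part of the thread and not the plugin's code): it builds the authorization request from a configurable scope list that always keeps `openid`, and parses the callback so an `invalid_scope` error is surfaced only after the `state` value has been checked. The hosts, client id and function names are assumptions made for illustration; the `state` value and error text are the ones shown above.

```python
import hmac
from urllib.parse import urlencode, urlsplit, parse_qs

# Constructed sample values (the real endpoint and client_id are hidden in the issue).
IDP = "https://idp.example/authorize"
CLIENT = "example-client-id"
REDIRECT = "https://sonar.example/oauth2/callback/oidc"
STATE = "kan17me88daf0t5rbh43s3btph"
ERROR_CALLBACK = (
    REDIRECT + "?error_description=The+requested+scope+is+invalid%2C+unknown%2C"
    "+malformed%2C+or+exceeds+that+which+the+client+is+permitted+to+request."
    "&state=" + STATE + "&error=invalid_scope"
)

def build_auth_url(endpoint, client_id, redirect_uri, state, scopes):
    """Authorization-code request; 'openid' is always sent, extras are optional."""
    ordered = ["openid"] + [s for s in dict.fromkeys(scopes) if s != "openid"]
    query = urlencode({
        "response_type": "code",
        "redirect_uri": redirect_uri,
        "state": state,
        "client_id": client_id,
        "scope": " ".join(ordered),  # urlencode renders the spaces as '+'
    })
    return f"{endpoint}?{query}"

def parse_callback(callback_url, expected_state):
    """Return ('code', value) or ('error', code, description).

    The state check comes first, so neither a code nor an error from a
    response that does not belong to this login attempt is acted upon.
    """
    params = {k: v[0] for k, v in parse_qs(urlsplit(callback_url).query).items()}
    received = params.get("state", "").encode()
    if not hmac.compare_digest(received, expected_state.encode()):
        raise ValueError("state mismatch: response is not for this request")
    if "error" in params:
        return ("error", params["error"], params.get("error_description", ""))
    if "code" not in params:
        raise ValueError("callback carries neither code nor error")
    return ("code", params["code"])

if __name__ == "__main__":
    print(build_auth_url(IDP, CLIENT, REDIRECT, STATE, ["email", "profile"]))
    print(build_auth_url(IDP, CLIENT, REDIRECT, STATE, []))  # openid only
    print(parse_callback(ERROR_CALLBACK, STATE))
```
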