Generic OpenId authentication
complete
Grugknuckle
ENHANCEMENT NEEDED! Please allow configuration of OIDC scopes.
Nicolas Giard I am using ver 1.0.102 and I can see that it has implemented Open ID Connect with the passport-openidconnect module.
Specifically, I'm reading lines 230 - 255 of the code here ...
https://github.com/Requarks/wiki/blob/73cd6af5b7b3338ff30e9466a8da9074cf9bbfad/server/libs/auth.js
On line 246, the OIDC strategy is extracting the user email address from the access token. However, the request being sent to the openid provider is only adding the 'openid' scope. It does NOT add the 'email' or 'profile' claim to the scopes. My openid provider (Okta) does NOT put the email into the id token unless I request the 'email' and 'profile' scopes. But the code above does not provide a way for a developer to add these scopes to the request.
Note that the passport-openidconnect module (which is being used now), while badly documented, does support adding the scope to the options when the passport strategy is initialized. see ...
https://github.com/jaredhanson/passport-openidconnect/blob/master/lib/strategy.js
(line 34)
So I'm simply requesting that you add this line
scope: appconfig.auth.oidc.scope,
to the auth.js file (https://github.com/Requarks/wiki/blob/73cd6af5b7b3338ff30e9466a8da9074cf9bbfad/server/libs/auth.js)
so that I can set that scope in my wiki.js config file.
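An added example, not part of the original post and not Wiki.js or passport-openidconnect code: it normalizes a configured scope value such as the proposed `appconfig.auth.oidc.scope` and reports which standard scopes are still missing for the claims the application reads. The function names and sample values are hypothetical; the scope-to-claim table is the standard one from OpenID Connect Core 1.0, section 5.4.

```javascript
// Added example: hypothetical helpers, not taken from Wiki.js or passport-openidconnect.

// Standard scope -> claims mapping (OpenID Connect Core 1.0, section 5.4).
const SCOPE_CLAIMS = {
  profile: ['name', 'family_name', 'given_name', 'middle_name', 'nickname',
    'preferred_username', 'profile', 'picture', 'website', 'gender',
    'birthdate', 'zoneinfo', 'locale', 'updated_at'],
  email: ['email', 'email_verified'],
  address: ['address'],
  phone: ['phone_number', 'phone_number_verified']
};

// RFC 6749 section 3.3: scope-token = 1*( %x21 / %x23-5B / %x5D-7E )
const SCOPE_TOKEN = /^[\x21\x23-\x5B\x5D-\x7E]+$/;

// Accepts a space-delimited string, an array, or nothing. Always returns a
// de-duplicated array that starts with the mandatory 'openid' scope and
// rejects tokens that are not valid in a scope parameter.
function normalizeScopes(configured) {
  const joined = Array.isArray(configured) ? configured.join(' ') : String(configured ?? '');
  const scopes = ['openid'];
  for (const s of joined.split(/\s+/)) {
    if (s === '') continue;
    if (!SCOPE_TOKEN.test(s)) throw new Error('invalid scope token: ' + JSON.stringify(s));
    if (!scopes.includes(s)) scopes.push(s);
  }
  return scopes;
}

// Returns the standard scopes that still have to be requested before the
// provider will release the given claims.
function missingScopesFor(claims, scopes) {
  const missing = [];
  for (const claim of claims) {
    const needed = Object.keys(SCOPE_CLAIMS).find(s => SCOPE_CLAIMS[s].includes(claim));
    if (needed && !scopes.includes(needed) && !missing.includes(needed)) missing.push(needed);
  }
  return missing;
}

// Constructed config values: no scope configured vs. scope set in the config file.
const before = normalizeScopes(undefined);
const after = normalizeScopes('openid email profile');
console.log(before, 'missing:', missingScopesFor(['email', 'name'], before));
console.log(after, 'missing:', missingScopesFor(['email', 'name'], after));
```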
Nicolas Giard
complete
Added in 2.0
Nicolas Giard
2.0 has fully modular authentication providers, which means you could add OpenID very easily. It would be a matter of using this module: https://github.com/jaredhanson/passport-openid
Simon Coy
Nicolas Giard: Hi Nicolas. Sorry, but I'm totally new to WikiJS. Did 2.0 get released yet or are you talking about a future version? On GitHub I only see version 1.0.8
Nicolas Giard
Simon Coy: 2.0 is under development. 1.0.9 is the latest stable version.