🚀 Feature: Force scopes #160

Closed
opened 2025-10-07 23:55:42 +03:00 by OVERLORD · 2 comments

Originally created by @pkondratev on GitHub.

Feature description

Hello! Thank you so much for the work you've done—the project is fantastic! A big request: could you add a feature allowing clients to forcibly pass certain scopes, even if the client didn't request them?

Pitch

The issue is that the 'groups' scope is only passed when the client requests it, but, for example, OpenGist doesn't request this scope, even though it relies on it if the user is an admin in some groups.

OVERLORD added the feature label 2025-10-07 23:55:42 +03:00

@stonith404 commented on GitHub:

Yes, I agree with @kmendell. OIDC clients [should request the scopes that they need](https://openid.net/specs/openid-connect-core-1_0.html#ScopeClaims).

I'm not using OpenGist but after a quick search it seems like they don't support customizing the claims yet but there is an open feature request https://github.com/thomiceli/opengist/issues/460. Feel free to upvote the issue there.


@kmendell commented on GitHub:

This is something the client should request based on my knowledge. Based on the documentation: https://opengist.io/docs/configuration/oauth-providers.html#openid-connect. The two following config options should be used:

```yaml
oidc.group-claim-name: groups        # Name of the claim containing the groups
oidc.admin-group: admin-group-name   # Name of the group that should receive admin rights
```
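The two comments above describe the same mechanism from both ends: the provider releases the `groups` claim only when the client asks for the `groups` scope (OIDC Core 1.0, section 5.4), and OpenGist then looks up the claim named by `oidc.group-claim-name` and grants admin if `oidc.admin-group` is among its values. The following Go program is an added example, not Pocket ID's or OpenGist's code: the scope-to-claim map, the `User` and `RPConfig` types, and the sample identity are assumptions made for illustration. It shows that a client which omits the `groups` scope receives no `groups` claim at all, so the relying-party admin check silently fails, and that requesting the scope is what makes the check succeed.

```go
package main

import "fmt"

// scopeClaims maps a scope to the claims it releases. The standard scopes
// follow OIDC Core 1.0 section 5.4; "groups" is a non-standard scope, and
// this mapping is an assumption for illustration, not Pocket ID's code.
var scopeClaims = map[string][]string{
	"profile": {"name", "preferred_username"},
	"email":   {"email", "email_verified"},
	"groups":  {"groups"},
}

// User is a constructed sample identity held by the provider.
type User struct {
	Subject, Name, Username, Email string
	Groups                         []string
}

// BuildIDTokenClaims releases only the claims covered by a requested scope.
// A claim whose scope the client did not request is absent, not empty.
func BuildIDTokenClaims(u User, requestedScopes []string) map[string]any {
	available := map[string]any{
		"name": u.Name, "preferred_username": u.Username,
		"email": u.Email, "email_verified": true,
		"groups": u.Groups,
	}
	claims := map[string]any{"sub": u.Subject} // sub is always released
	for _, scope := range requestedScopes {
		for _, name := range scopeClaims[scope] {
			claims[name] = available[name]
		}
	}
	return claims
}

// RPConfig mirrors the two OpenGist options quoted in the thread
// (oidc.group-claim-name and oidc.admin-group). The struct itself is ours.
type RPConfig struct {
	GroupClaimName string
	AdminGroup     string
}

// IsAdmin is the relying-party decision: read the configured claim and test
// membership. A missing or non-list claim yields false, which is the silent
// failure the issue describes when the groups scope was never requested.
func IsAdmin(claims map[string]any, cfg RPConfig) bool {
	var groups []string
	switch v := claims[cfg.GroupClaimName].(type) {
	case []string: // as built in-process above
		groups = v
	case []any: // as produced by decoding a JSON token body
		for _, g := range v {
			if s, ok := g.(string); ok {
				groups = append(groups, s)
			}
		}
	default: // claim absent or of an unexpected shape
		return false
	}
	for _, g := range groups {
		if g == cfg.AdminGroup {
			return true
		}
	}
	return false
}

func main() {
	user := User{Subject: "u-1", Name: "Sample User", Username: "sample",
		Email: "sample@example.test", Groups: []string{"admin-group-name"}}
	cfg := RPConfig{GroupClaimName: "groups", AdminGroup: "admin-group-name"}

	// What a client that omits the groups scope gets back.
	c1 := BuildIDTokenClaims(user, []string{"openid", "profile", "email"})
	fmt.Println("without groups scope: admin =", IsAdmin(c1, cfg))

	// The same user once the client also requests "groups".
	c2 := BuildIDTokenClaims(user, []string{"openid", "profile", "email", "groups"})
	fmt.Println("with groups scope:    admin =", IsAdmin(c2, cfg))
}
```

Running it prints `admin = false` for the first request and `admin = true` for the second. The point for an operator is that changing `oidc.group-claim-name` on the OpenGist side cannot help if the claim was never issued; the fix has to be on the request side, which is why the maintainers point to the OpenGist feature request rather than adding a "forced scopes" option to the provider.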

Reference: starred/pocket-id-pocket-id-1#160