Load dynamic scopes from config (#2424)

2021-01-14 08:55:45 +01:00 · 2021-01-14 08:55:45 +01:00 · c30b452aa3
commit c30b452aa3
parent 8017725caa
1 changed files with 17 additions and 0 deletions
--- a/lemonldap-ng-portal/lib/Lemonldap/NG/Portal/Lib/OpenIDConnect.pm
+++ b/lemonldap-ng-portal/lib/Lemonldap/NG/Portal/Lib/OpenIDConnect.pm
@ -38,6 +38,7 @@ has oidcRPList   => ( is => 'rw', default => sub { {} }, );
 has rpAttributes => ( is => 'rw', default => sub { {} }, );
 has spRules      => ( is => 'rw', default => sub { {} } );
 has spMacros     => ( is => 'rw', default => sub { {} } );
+has spScopeRules => ( is => 'rw', default => sub { {} } );

 # return LWP::UserAgent object
 has ua => (
@ -149,6 +150,22 @@ sub loadRPs {
                $self->spMacros->{$rp}->{$macroAttr} = $macroRule;
            }
        }
+
+        # Load per-RP dynamic scopes
+        my $scopes = $self->conf->{oidcRPMetaDataScopeRules}->{$rp};
+        for my $scopeName ( keys %{$scopes} ) {
+            my $scopeRule = $scopes->{$scopeName};
+            if ( length $scopeRule ) {
+                $scopeRule = $self->p->HANDLER->substitute($scopeRule);
+                unless ( $scopeRule = $self->p->HANDLER->buildSub($scopeRule) )
+                {
+                    $self->error( 'OIDC RP dynamic scope rule error: '
+                          . $self->p->HANDLER->tsv->{jail}->error );
+                    return 0;
+                }
+                $self->spScopeRules->{$rp}->{$scopeName} = $scopeRule;
+            }
+        }
    }
    return 1;
 }