cameleer/cameleer-server
1
0
Fork 0
Code Issues 42 Pull Requests Actions Packages Projects Releases Wiki Activity

feat: hardcode Logto org scopes in auth flow, hide from admin UI
All checks were successful
CI / cleanup-branch (push) Has been skipped
Details
CI / build (push) Successful in 1m48s
Details
CI / docker (push) Successful in 1m24s
Details
CI / deploy-feature (push) Has been skipped
Details
CI / deploy (push) Successful in 39s
Details

Browse Source 
Always include urn:logto:scope:organizations and
urn:logto:scope:organization_roles in OIDC auth requests. These are
required for role mapping in multi-tenant setups and harmless for
non-Logto providers (unknown scopes ignored per OIDC spec).

Filter them from the OIDC admin config page so they don't confuse
standalone server admins or SaaS tenants.

Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
This commit is contained in:
hsiegeln
2026-04-10 15:37:40 +02:00
parent 0d610be3dc
commit f0658cbd07
3 changed files with 12 additions and 4 deletions
Download Patch File Download Diff File Expand all files Collapse all files

3
ui/src/auth/OidcCallback.tsx
View File

@@ -31,7 +31,8 @@ export function OidcCallback() {
api.GET('/auth/oidc/config').then(({ data }) => {
if (data?.authorizationEndpoint && data?.clientId) {
const redirectUri = `${window.location.origin}${config.basePath}oidc/callback`;
const scopes = ['openid', 'email', 'profile', ...(data.additionalScopes || [])];
const PLATFORM_SCOPES = ['urn:logto:scope:organizations', 'urn:logto:scope:organization_roles'];
const scopes = ['openid', 'email', 'profile', ...PLATFORM_SCOPES, ...(data.additionalScopes || [])];
const p = new URLSearchParams({
response_type: 'code',
client_id: data.clientId,