From c8047bf4fa6b600ef33f88415869ba572e2a3f7b Mon Sep 17 00:00:00 2001
From: Lurkars
Date: Mon, 28 Feb 2022 12:09:33 +0100
Subject: [PATCH] change to scope variable in enviroment
---
 docker-compose.single-domain.yaml | 2 +-
 docker-compose.yaml | 2 +-
 pusher/src/Enum/EnvironmentVariable.ts | 2 +-
 pusher/src/Services/OpenIDClient.ts | 7 +++++--
 4 files changed, 8 insertions(+), 5 deletions(-)
diff --git a/docker-compose.single-domain.yaml b/docker-compose.single-domain.yaml
index 5972df58..b9149ba0 100644
--- a/docker-compose.single-domain.yaml
+++ b/docker-compose.single-domain.yaml
@@ -76,7 +76,7 @@ services:
 OPID_CLIENT_ISSUER: $OPID_CLIENT_ISSUER
 OPID_CLIENT_REDIRECT_URL: $OPID_CLIENT_REDIRECT_URL
 OPID_PROFILE_SCREEN_PROVIDER: $OPID_PROFILE_SCREEN_PROVIDER
- OPID_ADDITIONAL_SCOPES: $OPID_ADDITIONAL_SCOPES
+ OPID_SCOPE: $OPID_SCOPE
 OPID_USERNAME_CLAIM: $OPID_USERNAME_CLAIM
 OPID_LOCALE_CLAIM: $OPID_LOCALE_CLAIM
 DISABLE_ANONYMOUS: $DISABLE_ANONYMOUS
diff --git a/docker-compose.yaml b/docker-compose.yaml
index 68ee2c3b..3c16ce00 100644
--- a/docker-compose.yaml
+++ b/docker-compose.yaml
@@ -85,7 +85,7 @@ services:
 OPID_CLIENT_ISSUER: $OPID_CLIENT_ISSUER
 OPID_CLIENT_REDIRECT_URL: $OPID_CLIENT_REDIRECT_URL
 OPID_PROFILE_SCREEN_PROVIDER: $OPID_PROFILE_SCREEN_PROVIDER
- OPID_ADDITIONAL_SCOPES: $OPID_ADDITIONAL_SCOPES
+ OPID_SCOPE: $OPID_SCOPE
 OPID_USERNAME_CLAIM: $OPID_USERNAME_CLAIM
 OPID_LOCALE_CLAIM: $OPID_LOCALE_CLAIM
 DISABLE_ANONYMOUS: $DISABLE_ANONYMOUS
diff --git a/pusher/src/Enum/EnvironmentVariable.ts b/pusher/src/Enum/EnvironmentVariable.ts
index 347049b2..c0d33894 100644
--- a/pusher/src/Enum/EnvironmentVariable.ts
+++ b/pusher/src/Enum/EnvironmentVariable.ts
@@ -18,7 +18,7 @@ export const OPID_CLIENT_SECRET = process.env.OPID_CLIENT_SECRET || "";
 export const OPID_CLIENT_ISSUER = process.env.OPID_CLIENT_ISSUER || "";
 export const OPID_CLIENT_REDIRECT_URL = process.env.OPID_CLIENT_REDIRECT_URL || FRONT_URL + "/jwt";
 export const OPID_PROFILE_SCREEN_PROVIDER = process.env.OPID_PROFILE_SCREEN_PROVIDER || ADMIN_URL + "/profile";
-export const OPID_ADDITIONAL_SCOPES = process.env.OPID_ADDITIONAL_SCOPES || "";
+export const OPID_SCOPE = process.env.OPID_SCOPE || "openid email";
 export const OPID_USERNAME_CLAIM = process.env.OPID_USERNAME_CLAIM || "username";
 export const OPID_LOCALE_CLAIM = process.env.OPID_LOCALE_CLAIM || "locale";
 export const DISABLE_ANONYMOUS: boolean = process.env.DISABLE_ANONYMOUS === "true";
diff --git a/pusher/src/Services/OpenIDClient.ts b/pusher/src/Services/OpenIDClient.ts
index 4f600fc5..32bda560 100644
--- a/pusher/src/Services/OpenIDClient.ts
+++ b/pusher/src/Services/OpenIDClient.ts
@@ -6,7 +6,7 @@ import {
 OPID_CLIENT_REDIRECT_URL,
 OPID_USERNAME_CLAIM,
 OPID_LOCALE_CLAIM,
- OPID_ADDITIONAL_SCOPES,
+ OPID_SCOPE,
 } from "../Enum/EnvironmentVariable";
 class OpenIDClient {
@@ -28,8 +28,11 @@ class OpenIDClient {
 public authorizationUrl(state: string, nonce: string, playUri?: string, redirect?: string) {
 return this.initClient().then((client) => {
+ if (!OPID_SCOPE.includes("email") || !OPID_SCOPE.includes("openid")) {
+ throw new Error("Invalid scope, 'email' and 'openid' are required in OPID_SCOPE.");
+ }
 return client.authorizationUrl({
- scope: "openid email " + OPID_ADDITIONAL_SCOPES,
+ scope: OPID_SCOPE,
 prompt: "login",
 state: state,
 nonce: nonce,
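Review bot: In the `pusher/src/Enum/EnvironmentVariable.ts` hunk, `OPID_SCOPE` replaces `OPID_ADDITIONAL_SCOPES` with no fallback and no comment, so a deployment that still sets only the old variable will silently request just `openid email` and lose its extra scopes. That may show up later as missing claims rather than as a configuration error, since the `OPID_USERNAME_CLAIM` and `OPID_LOCALE_CLAIM` lookups may depend on provider-specific scopes such as `profile`. I would add a comment above the constant, `// Full space-separated scope list sent to the IdP; replaces OPID_ADDITIONAL_SCOPES and must contain "openid" and "email".`, and consider logging a warning at startup when `process.env.OPID_ADDITIONAL_SCOPES` is still set. The diffstat lists no env template or documentation file, so the rename may need to be mirrored there as well.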
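Review bot: The scope check added in `authorizationUrl` (second hunk of `pusher/src/Services/OpenIDClient.ts`) uses `String.prototype.includes`, which matches substrings rather than scope tokens, so a value such as `openid_connect emails` (constructed example) passes without requesting either `openid` or `email`. Compare whole tokens instead: `const scopes = OPID_SCOPE.split(/\s+/);` followed by `if (!scopes.includes("openid") || !scopes.includes("email")) {`. Because the check sits inside the `initClient().then(...)` callback, a bad `OPID_SCOPE` only surfaces as a rejected promise when a user first tries to log in; validating once at startup would fail fast and keep the error out of the login path. The body of `authorizationUrl` continues past the end of the hunk.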