SSO - Added custom scopes and claim types for OIDC (#1133)

* SSO - Added custom scopes and claim types for OIDC

* Removed redundant field labels

* Added acr_values to OIDC config + request

src/Core/Models/Data/SsoConfigurationData.cs

@@ -1,4 +1,6 @@
 using System;
+using System.Collections.Generic;
+using System.Linq;
 using Bit.Core.Enums;
 using Bit.Core.Sso;
 using Microsoft.AspNetCore.Authentication.OpenIdConnect;
@@ -20,6 +22,11 @@ namespace Bit.Core.Models.Data
         public string MetadataAddress { get; set; }
         public OpenIdConnectRedirectBehavior RedirectBehavior { get; set; } = OpenIdConnectRedirectBehavior.FormPost;
         public bool GetClaimsFromUserInfoEndpoint { get; set; }
+        public string AdditionalScopes { get; set; }
+        public string AdditionalUserIdClaimTypes { get; set; }
+        public string AdditionalEmailClaimTypes { get; set; }
+        public string AdditionalNameClaimTypes { get; set; }
+        public string AcrValues { get; set; }
 
         // SAML2 IDP
         public string IdpEntityId { get; set; }
@@ -67,6 +74,30 @@ namespace Bit.Core.Models.Data
             return BuildSaml2ModulePath(ssoUri, scheme);
         }
 
+        public IEnumerable<string> GetAdditionalScopes() => AdditionalScopes?
+            .Split(',')?
+            .Where(c => !string.IsNullOrWhiteSpace(c))?
+            .Select(c => c.Trim()) ??
+            Array.Empty<string>();
+        
+        public IEnumerable<string> GetAdditionalUserIdClaimTypes() => AdditionalUserIdClaimTypes?
+            .Split(',')?
+            .Where(c => !string.IsNullOrWhiteSpace(c))?
+            .Select(c => c.Trim()) ??
+            Array.Empty<string>();
+        
+        public IEnumerable<string> GetAdditionalEmailClaimTypes() => AdditionalEmailClaimTypes?
+            .Split(',')?
+            .Where(c => !string.IsNullOrWhiteSpace(c))?
+            .Select(c => c.Trim()) ??
+            Array.Empty<string>();
+        
+        public IEnumerable<string> GetAdditionalNameClaimTypes() => AdditionalNameClaimTypes?
+            .Split(',')?
+            .Where(c => !string.IsNullOrWhiteSpace(c))?
+            .Select(c => c.Trim()) ??
+            Array.Empty<string>();
+
         private string BuildSsoUrl(string relativePath, string ssoUri)
         {
             if (string.IsNullOrWhiteSpace(ssoUri) ||

src/Core/Resources/SharedResources.en.resx

@@ -604,4 +604,20 @@
   <data name="PersonalOwnershipCheckboxDesc" xml:space="preserve">
     <value>Disable personal ownership for organization users</value>
   </data>
+  <data name="AdditionalScopes" xml:space="preserve">
+    <value>Additional/Custom Scopes (comma delimited)</value>
+  </data>
+  <data name="AdditionalUserIdClaimTypes" xml:space="preserve">
+    <value>Additional/Custom User ID Claim Types (comma delimited)</value>
+  </data>
+  <data name="AdditionalEmailClaimTypes" xml:space="preserve">
+    <value>Additional/Custom Email Claim Types (comma delimited)</value>
+  </data>
+  <data name="AdditionalNameClaimTypes" xml:space="preserve">
+    <value>Additional/Custom Name Claim Types (comma delimited)</value>
+  </data>
+  <data name="AcrValues" xml:space="preserve">
+    <value>Requested Authentication Context Class Reference values (acr_values)</value>
+    <comment>'acr_values' is an explicit OIDC param, see https://openid.net/specs/openid-connect-core-1_0.html#AuthRequest. It should not be translated.</comment>
+  </data>
 </root>

src/Core/Utilities/CoreHelpers.cs

@@ -810,5 +810,15 @@ namespace Bit.Core.Utilities
 
             return System.Text.Json.JsonSerializer.Deserialize<T>(jsonData, options);
         }
+
+        public static ICollection<T> AddIfNotExists<T>(this ICollection<T> list, T item)
+        {
+            if (list.Contains(item))
+            {
+                return list;
+            }
+            list.Add(item);
+            return list;
+        }
     }
 }