SSO - Added custom scopes and claim types for OIDC (#1133)

* SSO - Added custom scopes and claim types for OIDC * Removed redundant field labels * Added acr_values to OIDC config + request
2025-07-01 08:02:49 -05:00 · 2021-02-10 12:00:12 -05:00
parent 9f42357705
commit 6cc317c4ba
7 changed files with 181 additions and 51 deletions
--- a/src/Core/Models/Data/SsoConfigurationData.cs
+++ b/src/Core/Models/Data/SsoConfigurationData.cs
@ -1,4 +1,6 @@
 using System;
+using System.Collections.Generic;
+using System.Linq;
 using Bit.Core.Enums;
 using Bit.Core.Sso;
 using Microsoft.AspNetCore.Authentication.OpenIdConnect;
@ -20,6 +22,11 @@ namespace Bit.Core.Models.Data
        public string MetadataAddress { get; set; }
        public OpenIdConnectRedirectBehavior RedirectBehavior { get; set; } = OpenIdConnectRedirectBehavior.FormPost;
        public bool GetClaimsFromUserInfoEndpoint { get; set; }
+        public string AdditionalScopes { get; set; }
+        public string AdditionalUserIdClaimTypes { get; set; }
+        public string AdditionalEmailClaimTypes { get; set; }
+        public string AdditionalNameClaimTypes { get; set; }
+        public string AcrValues { get; set; }

        // SAML2 IDP
        public string IdpEntityId { get; set; }
@ -67,6 +74,30 @@ namespace Bit.Core.Models.Data
            return BuildSaml2ModulePath(ssoUri, scheme);
        }

+        public IEnumerable<string> GetAdditionalScopes() => AdditionalScopes?
+            .Split(',')?
+            .Where(c => !string.IsNullOrWhiteSpace(c))?
+            .Select(c => c.Trim()) ??
+            Array.Empty<string>();
+        
+        public IEnumerable<string> GetAdditionalUserIdClaimTypes() => AdditionalUserIdClaimTypes?
+            .Split(',')?
+            .Where(c => !string.IsNullOrWhiteSpace(c))?
+            .Select(c => c.Trim()) ??
+            Array.Empty<string>();
+        
+        public IEnumerable<string> GetAdditionalEmailClaimTypes() => AdditionalEmailClaimTypes?
+            .Split(',')?
+            .Where(c => !string.IsNullOrWhiteSpace(c))?
+            .Select(c => c.Trim()) ??
+            Array.Empty<string>();
+        
+        public IEnumerable<string> GetAdditionalNameClaimTypes() => AdditionalNameClaimTypes?
+            .Split(',')?
+            .Where(c => !string.IsNullOrWhiteSpace(c))?
+            .Select(c => c.Trim()) ??
+            Array.Empty<string>();
+
        private string BuildSsoUrl(string relativePath, string ssoUri)
        {
            if (string.IsNullOrWhiteSpace(ssoUri) ||