feat: allow oauth scope to be configured

Author: julianlam

library.js

@@ -76,6 +76,10 @@ OAuth.loadStrategies = async (strategies) => {
 		callbackURL,
 		passReqToCallback: true,
 	}, async (req, token, secret, { id, displayName, email }, done) => {
+		if (![id, displayName, email].every(Boolean)) {
+			return done(new Error('insufficient-scope'));
+		}
+
 		const user = await OAuth.login({
 			name,
 			oAuthid: id,
@@ -92,12 +96,12 @@ OAuth.loadStrategies = async (strategies) => {
 		passport.use(configured[idx].name, strategy);
 	});
 
-	strategies.push(...configured.map(({ name }) => ({
+	strategies.push(...configured.map(({ name, scope }) => ({
 		name,
 		url: `/auth/${name}`,
 		callbackURL: `/auth/${name}/callback`,
 		icon: 'fa-check-square',
-		scope: 'openid email profile',
+		scope: scope || 'openid email profile',
 	})));
 
 	return strategies;

static/templates/partials/edit-oauth2-strategy.tpl

@@ -54,5 +54,17 @@
 				If a relative path is specified here, we will assume the hostname from the authorization URL.
 			</p>
 		</div>
+
+		<div class="mb-3">
+			<label class="form-label" for="scope">User Info URL</label>
+			<input type="text" id="scope" name="scope" title="User Info URL" class="form-control" placeholder="openid email profile" value="{./scope}">
+			<p class="form-text">
+				Scopes are used to limit the information returned by the user info URL to only that which is necessary.
+				Different implementations use different values.
+			</p>
+			<p class="form-text">
+				<strong>Default</strong> &mdash; <code>openid email profile</code>
+			</p>
+		</div>
 	</fieldset>
 </form>