commit ef94c79fca31be30040e231847693ae8a3b73c29
parent 571e6940d0374332b3ba7d7ecb93c029ce499589
Author: Christian Grothoff <grothoff@gnunet.org>
Date: Sun, 7 Dec 2025 17:51:42 +0100
pass scope to /authorize endpoint, if configured
Diffstat:
1 file changed, 20 insertions(+), 2 deletions(-)
diff --git a/src/kyclogic/plugin_kyclogic_oauth2.c b/src/kyclogic/plugin_kyclogic_oauth2.c
@@ -113,6 +113,11 @@ struct TALER_KYCLOGIC_ProviderDetails
char *client_secret;
/**
+ * OAuth2 scope, NULL if not used
+ */
+ char *scope;
+
+ /**
* Where to redirect clients after the
* Web-based KYC process is done?
*/
@@ -329,6 +334,7 @@ oauth2_unload_configuration (struct TALER_KYCLOGIC_ProviderDetails *pd)
GNUNET_free (pd->info_url);
GNUNET_free (pd->client_id);
GNUNET_free (pd->client_secret);
+ GNUNET_free (pd->scope);
GNUNET_free (pd->post_kyc_redirect_url);
GNUNET_free (pd->conversion_binary);
GNUNET_free (pd);
@@ -380,6 +386,15 @@ oauth2_load_configuration (void *cls,
}
pd->client_id = s;
+ if (GNUNET_OK ==
+ GNUNET_CONFIGURATION_get_value_string (ps->cfg,
+ provider_section_name,
+ "KYC_OAUTH2_SCOPE",
+ &s))
+ {
+ pd->scope = s;
+ }
+
if (GNUNET_OK !=
GNUNET_CONFIGURATION_get_value_string (ps->cfg,
provider_section_name,
@@ -612,11 +627,14 @@ initiate_with_url (struct TALER_KYCLOGIC_InitiateHandle *ih,
GNUNET_free (redirect_uri);
}
GNUNET_asprintf (&url,
- "%s?response_type=code&client_id=%s&redirect_uri=%s&state=%s",
+ "%s?response_type=code&client_id=%s&redirect_uri=%s&state=%s&scope=%s",
authorize_url,
pd->client_id,
redirect_uri_encoded,
- hps);
+ hps,
+ NULL != pd->scope
+ ? pd->scope
+ : "");
GNUNET_free (redirect_uri_encoded);
}
ih->cb (ih->cb_cls,
