✨ feat: Add OpenID Audience Parameter (#8837)

* ✨ feat: Add OpenID audience parameter support in authorization requests * Updated .env.example to include OPENID_AUDIENCE variable for configuration. * Enhanced openidStrategy to set the audience parameter in authorization requests if specified, improving OpenID integration. * Update .env.example * Update openidStrategy.js --------- Co-authored-by: Danny Avila <danacordially@gmail.com>
2025-08-05 02:49:36 +08:00
parent dfdafdbd09
commit fcefc6eedf
2 changed files with 10 additions and 0 deletions
--- a/.env.example
+++ b/.env.example
@@ -442,6 +442,8 @@ OPENID_REQUIRED_ROLE_PARAMETER_PATH=
 OPENID_USERNAME_CLAIM=
 # Set to determine which user info property returned from OpenID Provider to store as the User's name
 OPENID_NAME_CLAIM=
+# Optional audience parameter for OpenID authorization requests
+OPENID_AUDIENCE=

 OPENID_BUTTON_LABEL=
 OPENID_IMAGE_URL=
--- a/api/strategies/openidStrategy.js
+++ b/api/strategies/openidStrategy.js
@@ -104,6 +104,14 @@ class CustomOpenIDStrategy extends OpenIDStrategy {
    if (options?.state && !params.has('state')) {
      params.set('state', options.state);
    }
+
+    if (process.env.OPENID_AUDIENCE) {
+      params.set('audience', process.env.OPENID_AUDIENCE);
+      logger.debug(
+        `[openidStrategy] Adding audience to authorization request: ${process.env.OPENID_AUDIENCE}`,
+      );
+    }
+
    return params;
  }
 }