feat: publish RBAC scopes in OAuth2 metadata endpoints#19942
Merged
ThomasK33 merged 1 commit intoSep 26, 2025
Conversation
This was referenced Sep 24, 2025
Member
Author
d62d594 to
57ec770
Compare
c86d555 to
b630882
Compare
411151c to
73e3922
Compare
b630882 to
143c808
Compare
73e3922 to
3f1594c
Compare
143c808 to
93a509e
Compare
3f1594c to
dd9a21c
Compare
93a509e to
8707c00
Compare
dd9a21c to
0edbf0c
Compare
8707c00 to
2b7e3a9
Compare
0edbf0c to
bb211fa
Compare
2b7e3a9 to
20c22fe
Compare
bb211fa to
a4a9d57
Compare
20c22fe to
22123c0
Compare
a4a9d57 to
acadd79
Compare
22123c0 to
3eeb008
Compare
acadd79 to
b8267e1
Compare
3eeb008 to
350aacf
Compare
350aacf to
58e600e
Compare
9e0bf76 to
f851f7f
Compare
58e600e to
36b876b
Compare
f851f7f to
907f0c3
Compare
36b876b to
55d1084
Compare
907f0c3 to
9e0bf76
Compare
55d1084 to
58e600e
Compare
9e0bf76 to
1c54aa1
Compare
fb54cae to
c6efbe0
Compare
1c54aa1 to
92a39d1
Compare
c6efbe0 to
94ad114
Compare
Emyrk
approved these changes
Sep 25, 2025
94ad114 to
716c772
Compare
1d1eb15 to
fd6e329
Compare
716c772 to
8f4b99b
Compare
johnstcn
approved these changes
Sep 26, 2025
Member
Author
Merge activity
|
Replace empty slice placeholders with rbac.ExternalScopeNames() to publish supported OAuth2 scopes from the curated RBAC scope catalog in both authorization server and protected resource metadata endpoints. Update tests to verify proper scope exposure instead of empty arrays.
8f4b99b to
9de28ef
Compare
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to subscribe to this conversation on GitHub.
Already have an account?
Sign in.
3 participants
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Publish supported OAuth2 scopes from RBAC external scope names
This PR updates the OAuth2 metadata endpoints to publish the supported scopes from the RBAC external scope names. Previously, the
ScopesSupportedfield was empty with a TODO to implement a scope system. Now, both the authorization server metadata and protected resource metadata endpoints return the list of scopes fromrbac.ExternalScopeNames().The tests have been updated to verify that the correct scopes are being returned in the metadata responses.