diff --git a/crates/cli/src/commands/config.rs b/crates/cli/src/commands/config.rs index a1b57d3e..1bfdbb11 100644 --- a/crates/cli/src/commands/config.rs +++ b/crates/cli/src/commands/config.rs @@ -310,8 +310,10 @@ async fn sync(root: &super::Options, prune: bool, dry_run: bool) -> anyhow::Resu jwks_uri_override: provider.jwks_uri, discovery_mode, pkce_mode, - // TODO: get that from the config - additional_authorization_parameters: Vec::new(), + additional_authorization_parameters: provider + .additional_authorization_parameters + .into_iter() + .collect(), }, ) .await?; diff --git a/crates/config/src/sections/upstream_oauth2.rs b/crates/config/src/sections/upstream_oauth2.rs index 913c3f2c..e26362f6 100644 --- a/crates/config/src/sections/upstream_oauth2.rs +++ b/crates/config/src/sections/upstream_oauth2.rs @@ -12,7 +12,7 @@ // See the License for the specific language governing permissions and // limitations under the License. -use std::ops::Deref; +use std::{ops::Deref, collections::BTreeMap}; use async_trait::async_trait; use mas_iana::{jose::JsonWebSignatureAlg, oauth::OAuthClientAuthenticationMethod}; @@ -302,6 +302,12 @@ pub struct Provider { /// provider #[serde(default)] pub claims_imports: ClaimsImports, + + /// Additional parameters to include in the authorization request + /// + /// Orders of the keys are not preserved. + #[serde(default)] + pub additional_authorization_parameters: BTreeMap, } impl Deref for Provider { diff --git a/docs/config.schema.json b/docs/config.schema.json index 6bd9e013..eb358ccf 100644 --- a/docs/config.schema.json +++ b/docs/config.schema.json @@ -2084,6 +2084,14 @@ "$ref": "#/definitions/ClaimsImports" } ] + }, + "additional_authorization_parameters": { + "description": "Additional parameters to include in the authorization request\n\nOrders of the keys are not preserved.", + "default": {}, + "type": "object", + "additionalProperties": { + "type": "string" + } } } },