Add sso params

server/config/settings/base.py

@@ -509,6 +509,14 @@ CACHES["learning_path_cache"] = {
 }
 
 # OAuth/OpenId Connect
+IT_OAUTH_TENANT_ID = env.str("IT_OAUTH_TENANT_ID", default=None)
+
+if IT_OAUTH_TENANT_ID:
+    IT_OAUTH_AUTHORIZE_PARAMS = {
+        'tenant_id': IT_OAUTH_TENANT_ID
+    }
+else:
+    IT_OAUTH_AUTHORIZE_PARAMS = {}
 
 OAUTH = {
     "client_name": env("IT_OAUTH_CLIENT_NAME", default="lernetz"),
@@ -516,10 +524,11 @@ OAUTH = {
     "client_secret": env("IT_OAUTH_CLIENT_SECRET", default=""),
     "access_token_url": env("IT_OAUTH_ACCESS_TOKEN_URL", default="https://sso.test.b.lernetz.host/auth/realms/vbv/protocol/openid-connect/token"),
     "authorize_url": env("IT_OAUTH_AUTHORIZE_URL", default="https://sso.test.b.lernetz.host/auth/realms/vbv/protocol/openid-connect/auth"),
+    "authorize_params": IT_OAUTH_AUTHORIZE_PARAMS,
     "api_base_url": env("IT_OAUTH_API_BASE_URL", default="https://sso.test.b.lernetz.host/auth/realms/vbv/protocol/openid-connect/"),
     "local_redirect_uri": env("IT_OAUTH_LOCAL_DIRECT_URI", default="http://localhost:8000/sso/callback/"),
     "client_kwargs": {
-        'scope': '',
+        'scope': env("IT_OAUTH_SCOPE", default=''),
         'token_endpoint_auth_method': 'client_secret_post',
         'token_placement': 'header',
     }

server/vbv_lernwelt/sso/client.py

@@ -23,7 +23,7 @@ oauth.register(
     access_token_url=settings.OAUTH["access_token_url"],
     access_token_params=None,
     authorize_url=settings.OAUTH["authorize_url"],
-    authorize_params=None,
+    authorize_params=settings.OAUTH["authorize_params"],
     api_base_url=settings.OAUTH["api_base_url"],
     client_kwargs=settings.OAUTH["client_kwargs"]
 )