From 7042d73994c32b446c655736e0664e05cb137c87 Mon Sep 17 00:00:00 2001
From: Ales Krenek
Date: Tue, 17 Sep 2024 11:35:39 +0000
Subject: [PATCH 1/2] enable extra_scopes config parameter also for Keycloak backend

---
 lib/galaxy/authnz/custos_authnz.py | 3 +++
 lib/galaxy/authnz/managers.py | 2 ++
 2 files changed, 5 insertions(+)

diff --git a/lib/galaxy/authnz/custos_authnz.py b/lib/galaxy/authnz/custos_authnz.py
index 806f6e1cafba..5236d84924b9 100644
--- a/lib/galaxy/authnz/custos_authnz.py
+++ b/lib/galaxy/authnz/custos_authnz.py
@@ -62,6 +62,7 @@ class CustosAuthnzConfiguration:
 pkce_support: bool
 accepted_audiences: List[str]
 extra_params: Optional[dict]
+ extra_scopes: List[str]
 authorization_endpoint: Optional[str]
 token_endpoint: Optional[str]
 end_session_endpoint: Optional[str]
@@ -98,6 +99,7 @@ def __init__(self, provider, oidc_config, oidc_backend_config, idphint=None):
 )
 ),
 extra_params={},
+ extra_scopes=oidc_backend_config.get("extra_scopes",[]),
 authorization_endpoint=None,
 token_endpoint=None,
 end_session_endpoint=None,
@@ -156,6 +158,7 @@ def _get_provider_specific_scopes(self):
 def authenticate(self, trans, idphint=None):
 base_authorize_url = self.config.authorization_endpoint
 scopes = ["openid", "email", "profile"]
+ scopes.extend(self.config.extra_scopes)
 scopes.extend(self._get_provider_specific_scopes())
 oauth2_session = self._create_oauth2_session(scope=scopes)
 nonce = generate_nonce()
diff --git a/lib/galaxy/authnz/managers.py b/lib/galaxy/authnz/managers.py
index 7af14e776895..0e6d27d6589c 100644
--- a/lib/galaxy/authnz/managers.py
+++ b/lib/galaxy/authnz/managers.py
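Review bot: `scopes.extend(self.config.extra_scopes)` in the authenticate hunk appends the configured values verbatim, so an entry that repeats one of the base scopes ("openid", "email", "profile") or one of the provider-specific scopes added on the very next line is sent twice in the scope parameter, which some providers may reject or log as malformed. A guarded extend keeps the request clean, `scopes.extend(s for s in self.config.extra_scopes if s not in scopes)`, ideally placed after the `_get_provider_specific_scopes()` extend so the provider defaults are always present. Because every value under extra_scopes widens what the IdP is asked to grant (a refresh-token scope, for instance), the new dataclass attribute in the first hunk deserves a one-line comment such as `# additional OIDC scopes requested at authorization time, taken verbatim from the backend config`. The body of authenticate continues outside the hunk.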
@@ -213,6 +213,8 @@ def _parse_custos_config(self, config_xml):
 rtv["ca_bundle"] = config_xml.find("ca_bundle").text
 if config_xml.find("icon") is not None:
 rtv["icon"] = config_xml.find("icon").text
+ if config_xml.find("extra_scopes") is not None:
+ rtv["extra_scopes"] = listify(config_xml.find("extra_scopes").text)
 if config_xml.find("pkce_support") is not None:
 rtv["pkce_support"] = asbool(config_xml.find("pkce_support").text)
 if config_xml.find("accepted_audiences") is not None:

From 244ff927ca1af900b6d805d96f2fceba9526c2da Mon Sep 17 00:00:00 2001
From: Ales Krenek
Date: Tue, 17 Sep 2024 15:29:09 +0200
Subject: [PATCH 2/2] make flake happy

---
 lib/galaxy/authnz/custos_authnz.py | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/lib/galaxy/authnz/custos_authnz.py b/lib/galaxy/authnz/custos_authnz.py
index 5236d84924b9..4974ff57a122 100644
--- a/lib/galaxy/authnz/custos_authnz.py
+++ b/lib/galaxy/authnz/custos_authnz.py
@@ -99,7 +99,7 @@ def __init__(self, provider, oidc_config, oidc_backend_config, idphint=None):
 )
 ),
 extra_params={},
- extra_scopes=oidc_backend_config.get("extra_scopes",[]),
+ extra_scopes=oidc_backend_config.get("extra_scopes", []),
 authorization_endpoint=None,
 token_endpoint=None,
 end_session_endpoint=None,
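Review bot: `listify(config_xml.find("extra_scopes").text)` splits the element text on commas without stripping, so a value written as `openid, offline_access` yields an entry with a leading space that is later placed inside the scope parameter of the authorization request. If this is galaxy.util.listify, which accepts a `do_strip` flag, the fix is one line: `rtv["extra_scopes"] = listify(config_xml.find("extra_scopes").text, do_strip=True)`. The values are otherwise accepted without any per-entry validation, which is reasonable for an admin-controlled XML file but is worth stating in a comment above the new branch, e.g. `# optional comma-separated list of extra OIDC scopes; forwarded verbatim to the provider`. The body of _parse_custos_config continues outside the hunk.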