17704: Check scope before accepting OIDC access tokens.

[arvados.git] / lib / config / export.go

diff --git a/lib/config/export.go b/lib/config/export.go
index 5c0e9f270071b81792179c525cb47fa567955104..cdefc0b08336139afec6ab00bb3f1ea83bf4f9ba 100644 (file)
--- a/lib/config/export.go
+++ b/lib/config/export.go
@@ -157,6 +157,7 @@ var whitelist = map[string]bool{
        "Login.LDAP.UsernameAttribute":                        false,
        "Login.LoginCluster":                                  true,
        "Login.OpenIDConnect":                                 true,
+       "Login.OpenIDConnect.AcceptAccessTokenScope":          false,
        "Login.OpenIDConnect.AuthenticationRequestParameters": false,
        "Login.OpenIDConnect.ClientID":                        false,
        "Login.OpenIDConnect.ClientSecret":                    false,