Merge pull request #100811 from bergerhoffer/OCPBUGS-60626

bergerhoffer · web-flow · commit f64c1e773a05 · 2025-11-25T14:27:40.000-05:00
OCPBUGS#60626: Adding extra scopes
diff --git a/modules/external-auth-configuring.adoc b/modules/external-auth-configuring.adoc
@@ -92,6 +92,11 @@ spec:
     - clientID: console-test # <13>
       clientSecret:
         name: console-secret # <14>
+      componentName: console
+      componentNamespace: openshift-console
+      extraScopes: # <15>
+        - email
+        - profile
 ----
 <1> Must be set to `OIDC` to indicate to use an external OIDC identity provider.
 <2> Must be set to `null` when `type` is set to `OIDC`.
@@ -107,6 +112,7 @@ spec:
 <12> The client ID that your provider uses for the {oc-first}.
 <13> The client ID that your provider uses for the {product-title} web console.
 <14> The name of the secret that stores the secret value for the console client.
+<15> The extra scopes to request. Some providers, such as GitLab, might require extra scopes in order to log in through the web console properly.
 +
 For more details on all available parameters, see "OIDC provider configuration parameters".
 
