From 01f73b20e4d60c0a0324ea0022bdbbcdf7b18f98 Mon Sep 17 00:00:00 2001
From: Sebastian Stehle <sebastian@squidex.io>
Date: Wed, 14 Feb 2024 20:11:24 +0100
Subject: [PATCH] Prompt setting for oidc.

---
 .../src/Squidex/Config/Authentication/OidcServices.cs    | 9 ++++-----
 backend/src/Squidex/Config/MyIdentityOptions.cs          | 2 ++
 backend/src/Squidex/appsettings.json                     | 5 +++--
 3 files changed, 9 insertions(+), 7 deletions(-)

diff --git a/backend/src/Squidex/Config/Authentication/OidcServices.cs b/backend/src/Squidex/Config/Authentication/OidcServices.cs
index fd2d993a6..908382a1f 100644
--- a/backend/src/Squidex/Config/Authentication/OidcServices.cs
+++ b/backend/src/Squidex/Config/Authentication/OidcServices.cs
@@ -7,6 +7,7 @@
 
 using Microsoft.AspNetCore.Authentication;
 using Microsoft.AspNetCore.Authentication.OpenIdConnect;
+using Squidex.Infrastructure;
 
 namespace Squidex.Config.Authentication;
 
@@ -20,11 +21,12 @@ public static class OidcServices
 
             authBuilder.AddOpenIdConnect("ExternalOidc", displayName, options =>
             {
+                options.Events = new OidcHandler(identityOptions);
                 options.Authority = identityOptions.OidcAuthority;
+                options.Prompt = identityOptions.OidcPrompt;
                 options.ClientId = identityOptions.OidcClient;
                 options.ClientSecret = identityOptions.OidcSecret;
                 options.RequireHttpsMetadata = identityOptions.RequiresHttps;
-                options.Events = new OidcHandler(identityOptions);
 
                 if (!string.IsNullOrEmpty(identityOptions.OidcMetadataAddress))
                 {
@@ -40,10 +42,7 @@ public static class OidcServices
 
                 if (identityOptions.OidcScopes != null)
                 {
-                    foreach (var scope in identityOptions.OidcScopes)
-                    {
-                        options.Scope.Add(scope);
-                    }
+                    options.Scope.AddRange(identityOptions.OidcScopes);
                 }
             });
         }
diff --git a/backend/src/Squidex/Config/MyIdentityOptions.cs b/backend/src/Squidex/Config/MyIdentityOptions.cs
index 41e4effcc..1c698d6cc 100644
--- a/backend/src/Squidex/Config/MyIdentityOptions.cs
+++ b/backend/src/Squidex/Config/MyIdentityOptions.cs
@@ -45,6 +45,8 @@ public sealed class MyIdentityOptions
 
     public string OidcSecret { get; set; }
 
+    public string OidcPrompt { get; set; }
+
     public string OidcAuthority { get; set; }
 
     public string OidcMetadataAddress { get; set; }
diff --git a/backend/src/Squidex/appsettings.json b/backend/src/Squidex/appsettings.json
index 78da954ad..21124e74f 100644
--- a/backend/src/Squidex/appsettings.json
+++ b/backend/src/Squidex/appsettings.json
@@ -585,8 +585,8 @@
         "suppressXFrameOptionsHeader": false,
 
         // Initial admin user.
-        "adminEmail": "hello@squidex.io",
-        "adminPassword": "1q2w3e$R",
+        "adminEmail": "",
+        "adminPassword": "",
 
         // Recreate the admin if it does not exist or the password does not match.
         "adminRecreate": true,
@@ -618,6 +618,7 @@
         "oidcAuthority": "",
         "oidcClient": "",
         "oidcSecret": "",
+        "oidcPrompt": null,
         "oidcMetadataAddress": "",
         "oidcScopes": [
             "email"