Add support for OAuth2 scope parameter (#199)

* Add support for OAuth2 scope parameter

* Add description for OAuth2 scope parameter

* Update docs with OAuth2 scope parameter

* Make request params None if no scope
jarik2995
2019-01-31 02:58:50 +08:00
committed by Henning Jacobs
parent 34bb4d6917
commit e265ca4d79
3 changed files with 7 additions and 1 deletions


@@ -131,6 +131,8 @@ The following environment variables are supported:
Optional OAuth 2 authorization endpoint URL for protecting the UI.
``ACCESS_TOKEN_URL``
Optional token endpoint URL for the OAuth 2 Authorization Code Grant flow.
``SCOPE``
Optional scope specifies level of access that the application is requesting.
``CLUSTERS``
Comma separated list of Kubernetes API server URLs. It defaults to ``http://localhost:8001/`` (default endpoint of ``kubectl proxy``).
``CLUSTER_REGISTRY_URL``
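
Review bot: the `SCOPE` description added here does not say what format the value takes or what happens when the variable is unset. OAuth 2 (RFC 6749, section 3.3) defines scope as a space-delimited list of case-sensitive strings, so suggest wording such as "Optional space-separated list of OAuth 2 scopes to request at the authorization endpoint; if unset, no scope parameter is sent", which also matches the conditional in the code hunk.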


@@ -12,6 +12,8 @@ Relevant configuration settings (environment variables) for OAuth are:
OAuth 2 authorization endpoint URL, e.g. https://oauth2.example.org/authorize
``ACCESS_TOKEN_URL``
Token endpoint URL for the OAuth 2 Authorization Code Grant flow, e.g. https://oauth2.example.org/token
``SCOPE``
OAuth 2 scopes provide a way to limit the amount of access that is granted to an access token, e.g. https://oauth2.example.org/authorize/readonly
``CREDENTIALS_DIR``
Folder path to load client credentials from. The folder needs to contain two files: ``authcode-client-id`` and ``authcode-client-secret``.
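
Review bot: the example value on the `SCOPE` line, https://oauth2.example.org/authorize/readonly, reads like a path under the authorization endpoint shown two entries above, which invites confusing the scope with a URL the application calls. Scope values are strings defined by the authorization server, so suggest saying that and noting that several scopes are separated by spaces. The description also differs from the wording in the first hunk; one sentence shared by both places would be easier to keep accurate.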


@@ -34,6 +34,7 @@ logger = logging.getLogger(__name__)
SERVER_STATUS = {'shutdown': False}
AUTHORIZE_URL = os.getenv('AUTHORIZE_URL')
APP_URL = os.getenv('APP_URL')
SCOPE = os.getenv('SCOPE')
app = Flask(__name__)
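
Review bot: `SCOPE = os.getenv('SCOPE')` takes the value verbatim, so a whitespace-only setting is truthy and would be sent as the scope by the `if SCOPE` conditional in the next hunk. Suggest normalizing at load time, for example `SCOPE = (os.getenv('SCOPE') or '').strip() or None`, so that unset, empty and blank all mean "request no scope".
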
@@ -45,7 +46,8 @@ auth = OAuthRemoteAppWithRefresh(
request_token_url=None,
access_token_method='POST',
access_token_url=os.getenv('ACCESS_TOKEN_URL'),
authorize_url=AUTHORIZE_URL
authorize_url=AUTHORIZE_URL,
request_token_params={'scope': SCOPE} if SCOPE else None
)
oauth.remote_apps['auth'] = auth
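
Review bot: the conditional on the `request_token_params` line has no test in this diff for either branch. Suggest a test that builds the remote app with `SCOPE` set and with it unset and asserts that the authorization request carries `scope` only in the first case. A short comment on why the params fall back to `None` rather than `{'scope': None}` would also help the next reader, since the commit message is the only place that decision is recorded.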