From 12435c9eca85d13660bb13ec71084e7a6a861a43 Mon Sep 17 00:00:00 2001
From: SATYAsasini <satya.prakash@devtron.ai>
Date: Wed, 3 Sep 2025 16:04:33 +0530
Subject: [PATCH] misc: authenticator sync

---
 go.mod                                        |  2 +-
 go.sum                                        |  4 ++--
 .../authenticator/client/oidcClient.go        | 24 ++++++++++++++++++-
 vendor/modules.txt                            |  4 ++--
 4 files changed, 28 insertions(+), 6 deletions(-)

diff --git a/go.mod b/go.mod
index 06d6106d44..ed69b8030a 100644
--- a/go.mod
+++ b/go.mod
@@ -335,7 +335,7 @@ require (
 replace (
 	github.com/argoproj/argo-workflows/v3 v3.5.13 => github.com/devtron-labs/argo-workflows/v3 v3.5.13
 	github.com/cyphar/filepath-securejoin v0.4.1 => github.com/cyphar/filepath-securejoin v0.3.6 // indirect
-	github.com/devtron-labs/authenticator => github.com/devtron-labs/devtron-services/authenticator v0.0.0-20250806142853-d5a47198188d
+	github.com/devtron-labs/authenticator => github.com/devtron-labs/devtron-services/authenticator v0.0.0-20250903065916-8e6032eb99c7
 	github.com/devtron-labs/common-lib => github.com/devtron-labs/devtron-services/common-lib v0.0.0-20250806142853-d5a47198188d
 	go.opentelemetry.io/contrib/instrumentation/google.golang.org/grpc/otelgrpc v0.61.0 => go.opentelemetry.io/contrib/instrumentation/google.golang.org/grpc/otelgrpc v0.46.1
 )
diff --git a/go.sum b/go.sum
index d01bdaae31..075b565b18 100644
--- a/go.sum
+++ b/go.sum
@@ -237,8 +237,8 @@ github.com/denisenkom/go-mssqldb v0.0.0-20200428022330-06a60b6afbbc h1:VRRKCwnzq
 github.com/denisenkom/go-mssqldb v0.0.0-20200428022330-06a60b6afbbc/go.mod h1:xbL0rPBG9cCiLr28tMa8zpbdarY27NDyej4t/EjAShU=
 github.com/devtron-labs/argo-workflows/v3 v3.5.13 h1:3pINq0gXOSeTw2z/vYe+j80lRpSN5Rp/8mfQORh8SmU=
 github.com/devtron-labs/argo-workflows/v3 v3.5.13/go.mod h1:/vqxcovDPT4zqr4DjR5v7CF8ggpY1l3TSa2CIG3jmjA=
-github.com/devtron-labs/devtron-services/authenticator v0.0.0-20250806142853-d5a47198188d h1:+g3SnMSqHWPpKkU2fdp1dTkcPvedXuZ6kVR7S4U4IvU=
-github.com/devtron-labs/devtron-services/authenticator v0.0.0-20250806142853-d5a47198188d/go.mod h1:9LCkYfiWaEKIBkmxw9jX1GujvEMyHwmDtVsatffAkeU=
+github.com/devtron-labs/devtron-services/authenticator v0.0.0-20250903065916-8e6032eb99c7 h1:X90yJX2OtyyWkXtRSV2yGK1juyTD475DbCUhIaG6VOw=
+github.com/devtron-labs/devtron-services/authenticator v0.0.0-20250903065916-8e6032eb99c7/go.mod h1:9LCkYfiWaEKIBkmxw9jX1GujvEMyHwmDtVsatffAkeU=
 github.com/devtron-labs/devtron-services/common-lib v0.0.0-20250806142853-d5a47198188d h1:PcwklqogA1ppPtC0M2jn2QiFAkoKKeOY2tbNOCjedeI=
 github.com/devtron-labs/devtron-services/common-lib v0.0.0-20250806142853-d5a47198188d/go.mod h1:/Ciy9tD9OxZOWBDPIasM448H7uvSo4+ZJiExpfwBZpA=
 github.com/devtron-labs/go-bitbucket v0.9.60-beta h1:VEx1jvDgdtDPS6A1uUFoaEi0l1/oLhbr+90xOwr6sDU=
diff --git a/vendor/github.com/devtron-labs/authenticator/client/oidcClient.go b/vendor/github.com/devtron-labs/authenticator/client/oidcClient.go
index 551dec305e..935311e363 100644
--- a/vendor/github.com/devtron-labs/authenticator/client/oidcClient.go
+++ b/vendor/github.com/devtron-labs/authenticator/client/oidcClient.go
@@ -47,13 +47,35 @@ func GetSettings(conf *DexConfig) (*oidc.Settings, error) {
 			ClientSecret:    conf.DexClientSecret,
 			Issuer:          proxyUrl,
 			ServerSecret:    conf.ServerSecret,
-			RequestedScopes: conf.DexScopes,
+			RequestedScopes: conf.GetDexScopes(),
 		},
 		UserSessionDuration: time.Duration(conf.UserSessionDurationSeconds) * time.Second,
 		AdminPasswordMtime:  conf.AdminPasswordMtime,
 	}
 	return settings, nil
 }
+func (conf *DexConfig) GetDexScopes() []string {
+	// passing empty array to get default scopes
+	defaultScopes := oidc.GetScopesOrDefault([]string{})
+	additionalScopes := conf.DexScopes
+
+	occurrenceMap := make(map[string]bool)
+	finalScopes := make([]string, 0, len(defaultScopes)+len(additionalScopes))
+
+	// first add all the default
+	for _, scope := range defaultScopes {
+		occurrenceMap[scope] = true
+		finalScopes = append(finalScopes, scope)
+	}
+	// append extra configs
+	for _, scope := range additionalScopes {
+		if _, exists := occurrenceMap[scope]; !exists {
+			occurrenceMap[scope] = true
+			finalScopes = append(finalScopes, scope)
+		}
+	}
+	return finalScopes
+}
 func getOidcClient(dexServerAddress string, settings *oidc.Settings, userVerifier oidc.UserVerifier, RedirectUrlSanitiser oidc.RedirectUrlSanitiser) (*oidc.ClientApp, func(writer http.ResponseWriter, request *http.Request), error) {
 	dexClient := &http.Client{
 		Transport: &http.Transport{
diff --git a/vendor/modules.txt b/vendor/modules.txt
index f17d7b3b5a..c36d4177a4 100644
--- a/vendor/modules.txt
+++ b/vendor/modules.txt
@@ -523,7 +523,7 @@ github.com/davecgh/go-spew/spew
 # github.com/deckarep/golang-set v1.8.0
 ## explicit; go 1.17
 github.com/deckarep/golang-set
-# github.com/devtron-labs/authenticator v0.4.35-0.20240809073103-6e11da8083f8 => github.com/devtron-labs/devtron-services/authenticator v0.0.0-20250806142853-d5a47198188d
+# github.com/devtron-labs/authenticator v0.4.35-0.20240809073103-6e11da8083f8 => github.com/devtron-labs/devtron-services/authenticator v0.0.0-20250903065916-8e6032eb99c7
 ## explicit; go 1.24.0
 github.com/devtron-labs/authenticator/apiToken
 github.com/devtron-labs/authenticator/client
@@ -2654,5 +2654,5 @@ xorm.io/xorm/log
 xorm.io/xorm/names
 xorm.io/xorm/schemas
 xorm.io/xorm/tags
-# github.com/devtron-labs/authenticator => github.com/devtron-labs/devtron-services/authenticator v0.0.0-20250806142853-d5a47198188d
+# github.com/devtron-labs/authenticator => github.com/devtron-labs/devtron-services/authenticator v0.0.0-20250903065916-8e6032eb99c7
 # github.com/devtron-labs/common-lib => github.com/devtron-labs/devtron-services/common-lib v0.0.0-20250806142853-d5a47198188d