From af4537e42155348e701003ac1e77fcd9c2cb709a Mon Sep 17 00:00:00 2001
From: Lunik
Date: Fri, 16 Feb 2024 23:24:58 +0100
Subject: [PATCH 1/2] =?UTF-8?q?=E2=9C=A8=20Allow=20to=20configure=20scopes?= =?UTF-8?q?=20in=20generic=20SSO?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
Signed-off-by: Lunik
---
 docs/my-website/docs/proxy/ui.md | 1 +
 litellm/proxy/proxy_server.py | 4 ++++
 2 files changed, 5 insertions(+)
diff --git a/docs/my-website/docs/proxy/ui.md b/docs/my-website/docs/proxy/ui.md
index c98c85f2d5..cb92a1fb90 100644
--- a/docs/my-website/docs/proxy/ui.md
+++ b/docs/my-website/docs/proxy/ui.md
@@ -124,6 +124,7 @@ GENERIC_CLIENT_SECRET = "G*******"
 GENERIC_AUTHORIZATION_ENDPOINT = "http://localhost:9090/auth"
 GENERIC_TOKEN_ENDPOINT = "http://localhost:9090/token"
 GENERIC_USERINFO_ENDPOINT = "http://localhost:9090/me"
+GENERIC_SCOPE = "openid profile email"
 ```

 - Set Redirect URI, if your provider requires it
diff --git a/litellm/proxy/proxy_server.py b/litellm/proxy/proxy_server.py
index 3d4b591cd0..391a451821 100644
--- a/litellm/proxy/proxy_server.py
+++ b/litellm/proxy/proxy_server.py
@@ -4490,6 +4490,7 @@ async def google_login(request: Request):
 from fastapi_sso.sso.generic import create_provider, DiscoveryDocument

 generic_client_secret = os.getenv("GENERIC_CLIENT_SECRET", None)
+ generic_scope = os.getenv("GENERIC_SCOPE", "openid email profile").split(" ")
 generic_authorization_endpoint = os.getenv(
 "GENERIC_AUTHORIZATION_ENDPOINT", None
 )
@@ -4540,6 +4541,7 @@ async def google_login(request: Request):
 client_secret=generic_client_secret,
 redirect_uri=redirect_url,
 allow_insecure_http=True,
+ scope=generic_scope,
 )
 with generic_sso:
 return await generic_sso.get_login_redirect()
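Review bot: `.split(" ")` on the GENERIC_SCOPE value in google_login keeps empty strings, so doubled, leading or trailing spaces produce `''` entries and an empty value produces `['']` rather than an empty list. The provider would then presumably be handed a blank or malformed scope instead of the default. Splitting on any whitespace avoids this: `generic_scope = os.getenv("GENERIC_SCOPE", "openid email profile").split()`, with a fallback to the default list if the result is empty. The identical line is added in the auth_callback hunk (`@@ -4690,6 +4692,7 @@`) and needs the same change; both functions start and end outside their hunks.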
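Review bot: Nothing at the new `scope=generic_scope` argument or in the ui.md hunk tells the operator to keep GENERIC_SCOPE minimal, and the argument sits directly under the unchanged `allow_insecure_http=True`. Scopes beyond the identity claims make the issued token worth more if it leaks, and that flag appears to let the flow run against plain-HTTP endpoints such as the `http://localhost:9090` ones in the docs example. I would add a comment above the argument, `# Keep GENERIC_SCOPE to what the userinfo lookup needs; broader scopes widen the impact of a leaked token`, and mirror it in ui.md. The same argument is added in the auth_callback hunk (`@@ -4740,6 +4743,7 @@`); the constructor call starts outside both hunks.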
@@ -4690,6 +4692,7 @@ async def auth_callback(request: Request):
 from fastapi_sso.sso.generic import create_provider, DiscoveryDocument

 generic_client_secret = os.getenv("GENERIC_CLIENT_SECRET", None)
+ generic_scope = os.getenv("GENERIC_SCOPE", "openid email profile").split(" ")
 generic_authorization_endpoint = os.getenv(
 "GENERIC_AUTHORIZATION_ENDPOINT", None
 )
@@ -4740,6 +4743,7 @@ async def auth_callback(request: Request):
 client_secret=generic_client_secret,
 redirect_uri=redirect_url,
 allow_insecure_http=True,
+ scope=generic_scope,
 )
 verbose_proxy_logger.debug(f"calling generic_sso.verify_and_process")
 request_body = await request.body()
From 21552620edbe881180abdaf39f6a6a8a25abeab7 Mon Sep 17 00:00:00 2001
From: Lunik
Date: Fri, 16 Feb 2024 23:40:59 +0100
Subject: [PATCH 2/2] =?UTF-8?q?=F0=9F=93=9D=20Clarify=20GENERIC=5FSCOPE=20?= =?UTF-8?q?usage?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
Signed-off-by: Lunik
---
 docs/my-website/docs/proxy/ui.md | 4 ++++
 1 file changed, 4 insertions(+)
diff --git a/docs/my-website/docs/proxy/ui.md b/docs/my-website/docs/proxy/ui.md
index cb92a1fb90..d29ad865a3 100644
--- a/docs/my-website/docs/proxy/ui.md
+++ b/docs/my-website/docs/proxy/ui.md
@@ -124,6 +124,10 @@ GENERIC_CLIENT_SECRET = "G*******"
 GENERIC_AUTHORIZATION_ENDPOINT = "http://localhost:9090/auth"
 GENERIC_TOKEN_ENDPOINT = "http://localhost:9090/token"
 GENERIC_USERINFO_ENDPOINT = "http://localhost:9090/me"
+```
+
+**Additional .env variables on your Proxy**
+```shell
 GENERIC_SCOPE = "openid profile email"
 ```