From 8c43b4b406fbdcc61e7fab6bd632d033145f6849 Mon Sep 17 00:00:00 2001
From: Helmut Merz
Date: Mon, 1 Sep 2025 08:54:08 +0200
Subject: [PATCH] OIDC authentication: provide link to view/edit user data
---
 scopes/web/auth/oidc.py | 12 ++++++++++--
 1 file changed, 10 insertions(+), 2 deletions(-)
diff --git a/scopes/web/auth/oidc.py b/scopes/web/auth/oidc.py
index 2343c08..f5e7c51 100644
--- a/scopes/web/auth/oidc.py
+++ b/scopes/web/auth/oidc.py
@@ -10,7 +10,7 @@ import requests
 from time import time
 from urllib.parse import urlencode
 from zope.authentication.interfaces import IAuthentication, IPrincipal
-from zope.interface import implementer
+from zope.interface import Attribute, Interface, implementer
 from zope.publisher.interfaces import Unauthorized
 from zope.security.interfaces import IGroupAwarePrincipal
@@ -63,7 +63,11 @@ class OidcAuthentication:
 authentication = OidcAuthentication(None)
-@implementer(IGroupAwarePrincipal)
+class IExternalPrincipal(Interface):
+ extUserLink = Attribute('Link to OIDC provider for viewing/editing external user')
+
+
+@implementer(IGroupAwarePrincipal, IExternalPrincipal)
 class Principal:
 def __init__(self, id, data):
@@ -78,6 +82,10 @@ class Principal:
 def groups(self):
 return self.data.get('groups', [])
+ @property
+ def extUserLink(self):
+ return config.oidc_provider + '/ui/console/users/me'
+
+
 def asDict(self):
 data = self.data.copy()
 data['id'] = self.id
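Review bot: The new `IExternalPrincipal` interface in the second hunk has no docstring, and its `Attribute` text does not say what form the value takes. I would add a docstring such as `"""Principal whose account data is managed by an external identity provider."""`. The attribute description should also state that `extUserLink` is an absolute URL derived from configuration, so code that renders it knows it is not user-supplied. The description names OIDC while the interface name is provider-neutral; one of the two should probably be aligned.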
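Review bot: `extUserLink` in the third hunk builds the URL by plain concatenation, so a `config.oidc_provider` ending in a slash gives a `//ui/console/...` path, and an unset value (if it can be `None`) raises `TypeError` when the property is read. Normalising the base avoids the first case: `return config.oidc_provider.rstrip('/') + '/ui/console/users/me'`. The path `/ui/console/users/me` looks specific to one provider's console, so it may belong in configuration next to `oidc_provider` rather than in `Principal`. Because this link sends users to where their account data is edited, it is worth confirming where the config is loaded (not visible here) that the base is an `https` URL. The `Principal` class starts and continues outside the hunk.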