From c852b646f456ea5ec09d875c949d4cfbae46e45a Mon Sep 17 00:00:00 2001
From: Liam Mitchell <liam.mitchell@epicgames.com>
Date: Wed, 4 Mar 2026 17:31:29 -0800
Subject: Allow external OidcToken executable to be specified unless disabled
 via command line or config

---
 src/zenserver/storage/storageconfig.cpp | 9 +++++++++
 1 file changed, 9 insertions(+)

(limited to 'src/zenserver/storage/storageconfig.cpp')

diff --git a/src/zenserver/storage/storageconfig.cpp b/src/zenserver/storage/storageconfig.cpp
index 98167b4f6..1826adb99 100644
--- a/src/zenserver/storage/storageconfig.cpp
+++ b/src/zenserver/storage/storageconfig.cpp
@@ -497,6 +497,9 @@ ZenStorageServerConfigurator::AddConfigOptions(LuaConfig::Options& LuaOptions)
 	LuaOptions.AddOption("security.encryptionaesiv"sv, ServerOptions.EncryptionIV, "encryption-aes-iv"sv);
 	LuaOptions.AddOption("security.openidproviders"sv, ServerOptions.AuthConfig);
 	LuaOptions.AddOption("security.oidctokenexecutable"sv, ServerOptions.OidcTokenExecutable, "oidctoken-exe-path"sv);
+	LuaOptions.AddOption("security.allowexternaloidctokenexecutable"sv,
+						 ServerOptions.AllowExternalOidcTokenExe,
+						 "allow-external-oidctoken-exe"sv);
 
 	////// workspaces
 	LuaOptions.AddOption("workspaces.enabled"sv, ServerOptions.WorksSpacesConfig.Enabled, "workspaces-enabled"sv);
@@ -656,6 +659,12 @@ ZenStorageServerCmdLineOptions::AddSecurityOptions(cxxopts::Options& options, Ze
 					   "Path to OidcToken executable",
 					   cxxopts::value<std::string>(OidcTokenExecutable),
 					   "");
+	options.add_option("security",
+					   "",
+					   "allow-external-oidctoken-exe",
+					   "Allow requests to specify a path to an external OidcToken executable",
+					   cxxopts::value<bool>(ServerOptions.AllowExternalOidcTokenExe),
+					   "");
 }
 
 void
-- 
cgit v1.2.3