Release Notes
0.422 (13 Oct 2025)

13 October, 2025

This release adds the ability to configure custom OAuth scopes for SSO providers.

Custom SSO Scopes

When using Single Sign-On (SSO) with identity providers like Google, you can now configure which OAuth scopes are requested during authentication. This gives you control over what user information is available to your application.

By default, Keel requests the openid, email, and profile scopes. You can now customize this in your keelconfig.yaml:

auth:
  providers:
    - type: google
      name: google_client
      clientId: your-client-id
      scopes:
        - openid
        - email
        - profile
        - https://www.googleapis.com/auth/calendar.readonly

Use Cases

Custom scopes are useful when you need to:

  • Request additional permissions - Access Google Calendar, Drive, or other APIs on behalf of the user
  • Minimize data collection - Request only the scopes you actually need (e.g., just openid and email)
  • Integrate with custom OIDC providers - Use provider-specific scopes for your organization's identity provider

Notes

  • The openid scope is always included automatically, as it's required for OIDC authentication
  • Available scopes depend on your identity provider - check their documentation for supported values
  • Changing scopes may require users to re-authenticate to grant the new permissions

Fixes and Improvements

For a full list of fixes and improvements, check out our GitHub releases page (opens in a new tab).

For any issues or feedback, please contact us at help@keel.so.

Thank you for using Keel!

0.424 (05 Nov 2025)0.416 (04 Aug 2025)