- add OIDC_CLAIM_ROLES to the requested scope in order for it to be filled in the token userinfo

2026-02-19 07:50:57 +01:00 · 2025-10-06 13:30:00 +03:00
parent 44c145b8f2
commit 3eb89c76df
1 changed files with 2 additions and 1 deletions
--- a/backend/decorators/auth.py
+++ b/backend/decorators/auth.py
@@ -10,6 +10,7 @@ from starlette.authentication import requires
 from starlette.config import Config

 from config import (
+    OIDC_CLAIM_ROLES,
    OIDC_CLIENT_ID,
    OIDC_CLIENT_SECRET,
    OIDC_ENABLED,
@@ -58,7 +59,7 @@ oauth.register(
        config.get("OIDC_SERVER_APPLICATION_URL"), external=True
    ),
    client_kwargs={
-        "scope": "openid profile email",
+        "scope": "openid profile email" + ((" " + OIDC_CLAIM_ROLES) if OIDC_CLAIM_ROLES else ""),
        "verify": OIDC_TLS_CACERTFILE,
    },
 )