From 3eb89c76df3fd8d7d5690fb301cbcda246d3ba3a Mon Sep 17 00:00:00 2001
From: Marius Luca <marius@dreamer-ge.com>
Date: Mon, 6 Oct 2025 13:30:00 +0300
Subject: [PATCH] - add OIDC_CLAIM_ROLES to the requested scope in order for it
 to be filled in the token userinfo

---
 backend/decorators/auth.py | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)

diff --git a/backend/decorators/auth.py b/backend/decorators/auth.py
index 689423c5f..7e967f710 100644
--- a/backend/decorators/auth.py
+++ b/backend/decorators/auth.py
@@ -10,6 +10,7 @@ from starlette.authentication import requires
 from starlette.config import Config
 
 from config import (
+    OIDC_CLAIM_ROLES,
     OIDC_CLIENT_ID,
     OIDC_CLIENT_SECRET,
     OIDC_ENABLED,
@@ -58,7 +59,7 @@ oauth.register(
         config.get("OIDC_SERVER_APPLICATION_URL"), external=True
     ),
     client_kwargs={
-        "scope": "openid profile email",
+        "scope": "openid profile email" + ((" " + OIDC_CLAIM_ROLES) if OIDC_CLAIM_ROLES else ""),
         "verify": OIDC_TLS_CACERTFILE,
     },
 )