LX-77: Request email scope only when JIT enabled

gooddata · Feb 27, 2024 · 9d66b7f · 9d66b7f
1 parent c3ef901
commit 9d66b7f
Show file tree

Hide file tree

Showing 2 changed files with 3 additions and 3 deletions.
diff --git a/gooddata-server-oauth2-autoconfigure/src/main/kotlin/AuthenticationUtils.kt b/gooddata-server-oauth2-autoconfigure/src/main/kotlin/AuthenticationUtils.kt
@@ -238,9 +238,9 @@ private fun ClientRegistration.Builder.withScopes(
 ): ClientRegistration.Builder {
     // in the future, we could check mandatory scopes against the supported ones
     val mandatoryScopes = listOf(OIDCScopeValue.OPENID, OIDCScopeValue.PROFILE).map(Scope.Value::getValue)
-    val userGroupsScope = if (jitEnabled == true) listOf(GD_USER_GROUPS_SCOPE) else listOf()
+    val userGroupsScope = if (jitEnabled == true) listOf(OIDCScopeValue.EMAIL.value, GD_USER_GROUPS_SCOPE) else listOf()
     val optionalScopes = supportedScopes
-        ?.filter { scope -> scope in listOf(OIDCScopeValue.EMAIL, OIDCScopeValue.OFFLINE_ACCESS) }
+        ?.filter { scope -> scope in listOf(OIDCScopeValue.OFFLINE_ACCESS) }
         ?.map(Scope.Value::getValue)
         ?: listOf()
     return scope(mandatoryScopes + optionalScopes + userGroupsScope)

diff --git a/gooddata-server-oauth2-autoconfigure/src/test/kotlin/AuthenticationUtilsTest.kt b/gooddata-server-oauth2-autoconfigure/src/test/kotlin/AuthenticationUtilsTest.kt
@@ -300,7 +300,7 @@ internal class AuthenticationUtilsTest {
         @JvmStatic
         fun jitEnabledArguments() = Stream.of(
             Arguments.of(true, listOf("openid", "profile", "email", "offline_access", GD_USER_GROUPS_SCOPE)),
-            Arguments.of(false, listOf("openid", "profile", "email", "offline_access"))
+            Arguments.of(false, listOf("openid", "profile", "offline_access"))
         )
 
         @Language("json")