diff --git a/CHANGES.md b/CHANGES.md
index b38886f84..5691c58bc 100644
--- a/CHANGES.md
+++ b/CHANGES.md
@@ -25,6 +25,11 @@ ### :arrow_up: Deps updates
 ### :boom: Breaking changes
+
+- The OIDC setting `PENPOT_OIDC_SCOPES` has chenged the default semantincs. Before this
+ configuration added scopes to the default set. Now it replaces it, so use with care, because
+ penpot requires at least `name` and `email` props found on the user info object.
+
 ### :heart: Community contributions by (Thank you!)
diff --git a/backend/src/app/http/oauth.clj b/backend/src/app/http/oauth.clj
index 55c7a8a50..63b9f481d 100644
--- a/backend/src/app/http/oauth.clj
+++ b/backend/src/app/http/oauth.clj
@@ -232,8 +232,7 @@
 :token-uri (cf/get :oidc-token-uri)
 :auth-uri (cf/get :oidc-auth-uri)
 :user-uri (cf/get :oidc-user-uri)
- :scopes (into #{"openid" "profile" "email" "name"}
- (cf/get :oidc-scopes #{}))
+ :scopes (cf/get :oidc-scopes #{"openid" "profile"})
 :roles-attr (cf/get :oidc-roles-attr)
 :roles (cf/get :oidc-roles)
 :name "oidc"}]
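Review bot: The new default on the `:scopes` line, `#{"openid" "profile"}`, no longer requests `email`, although the changelog entry in this same commit says penpot needs `name` and `email` on the user info object. Under standard OIDC the `email` claim is released for the `email` scope, so an unconfigured deployment may receive a user info response without it; consider `:scopes (cf/get :oidc-scopes #{"openid" "profile" "email"})`. Because a configured value now replaces the set instead of extending it, an operator who leaves out `openid` would send a request that is no longer an OIDC authentication request, so either always add `"openid"` to the configured set or reject a value that lacks it at startup. How a missing `email` is handled after the user info call is not visible here (the enclosing function starts outside the hunk); that path should fail closed rather than create or match a profile on an empty address.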