From 07f3d48a9d1045e10dea85bcf8232b4be0025f81 Mon Sep 17 00:00:00 2001
From: Andrey Antukh
Date: Wed, 12 May 2021 09:47:13 +0200
Subject: [PATCH] :wrench: Allow override oidc scopes. And relax default scopes to `profile` and `openid`.
---
 CHANGES.md | 5 +++++
 backend/src/app/http/oauth.clj | 3 +--
 2 files changed, 6 insertions(+), 2 deletions(-)
diff --git a/CHANGES.md b/CHANGES.md
index b38886f84..5691c58bc 100644
--- a/CHANGES.md
+++ b/CHANGES.md
@@ -25,6 +25,11 @@
 ### :arrow_up: Deps updates
 ### :boom: Breaking changes
+
+- The OIDC setting `PENPOT_OIDC_SCOPES` has chenged the default semantincs. Before this
+ configuration added scopes to the default set. Now it replaces it, so use with care, because
+ penpot requires at least `name` and `email` props found on the user info object.
+
 ### :heart: Community contributions by (Thank you!)
diff --git a/backend/src/app/http/oauth.clj b/backend/src/app/http/oauth.clj
index 55c7a8a50..63b9f481d 100644
--- a/backend/src/app/http/oauth.clj
+++ b/backend/src/app/http/oauth.clj
@@ -232,8 +232,7 @@
 :token-uri (cf/get :oidc-token-uri)
 :auth-uri (cf/get :oidc-auth-uri)
 :user-uri (cf/get :oidc-user-uri)
- :scopes (into #{"openid" "profile" "email" "name"}
- (cf/get :oidc-scopes #{}))
+ :scopes (cf/get :oidc-scopes #{"openid" "profile"})
 :roles-attr (cf/get :oidc-roles-attr)
 :roles (cf/get :oidc-roles)
 :name "oidc"}]
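Review bot: The new default on the `:scopes` line drops `email`, while the CHANGES.md entry in this same patch says penpot needs `name` and `email` on the user info object; under OIDC Core the `email` claim is requested through the `email` scope, so a conforming provider may stop returning it with the default configuration. Consider `:scopes (cf/get :oidc-scopes #{"openid" "profile" "email"})`. Because the configured value now replaces the set instead of extending it, an override that omits `openid` would turn the request into plain OAuth2; adding `openid` unconditionally, or rejecting a configuration without it at startup, would keep that invariant. How a missing email is handled after the user info call is not visible here and is worth confirming, since the enclosing map starts outside the hunk.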