Update oauth.py, fix scopes so that preferred_username actually works
diff --git a/app/endpoints/oauth.py b/app/endpoints/oauth.py
index 4c70b4d..0344192 100644
--- a/app/endpoints/oauth.py
+++ b/app/endpoints/oauth.py
@@ -140,14 +140,14 @@
return quart.Response(status=400, response="Unknown session, perhaps it expired? Please retry your login.")
resp = client.do_access_token_request(
- scope=["openid"],
+ scope=["openid", "profile", "email"],
state=oidc_state,
request_args={"code": oidc_code},
)
if isinstance(resp, oic.oic.message.AccessTokenResponse): # Could be ErrorResponse, we don't want that...
userinfo = client.do_user_info_request(state=oidc_state)
if userinfo:
- username = userinfo["username"]
+ username = userinfo["preferred_username"]
committer = ldap.Committer(username)
details = await committer.verify()
if details:
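Review bot: The new `userinfo["preferred_username"]` value becomes the identity key passed to `ldap.Committer(username)`, but OpenID Connect Core says a relying party must not rely on `preferred_username` being unique (only `sub` plus `iss` is a stable identifier). This is safe only if the configured provider guarantees a one-to-one mapping to the LDAP uid, and a comment stating that assumption belongs on this line. The subscript also raises `KeyError` when the provider omits the claim; a guard such as `if "preferred_username" not in userinfo:` followed by `return quart.Response(status=400, response="Identity provider did not return a username.")` would fail closed with a clear message. The `email` scope is now requested but no email claim is read in the visible lines, so if nothing later in the handler uses it, dropping it keeps the request to the minimum needed. The enclosing handler starts and ends outside the hunk.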