From 6e2ed65c5b936a41f9585853a831a7b2fc381192 Mon Sep 17 00:00:00 2001
From: Tom Teichler <t.teichler@babiel.com>
Date: Sun, 26 Sep 2021 17:39:22 +0200
Subject: [PATCH] Allow to request groups

---
 aleksis/core/settings.py          | 1 +
 aleksis/core/util/auth_helpers.py | 4 ++++
 2 files changed, 5 insertions(+)

diff --git a/aleksis/core/settings.py b/aleksis/core/settings.py
index fbd436ae1..3c8f46e5f 100644
--- a/aleksis/core/settings.py
+++ b/aleksis/core/settings.py
@@ -345,6 +345,7 @@ if _settings.get("oauth2.oidc.enabled", False):
             "address": _("Full home postal address"),
             "email": _("Email address"),
             "phone": _("Home and mobile phone"),
+            "groups": _("Groups"),
         }
     )
 
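Review bot: The new `"groups": _("Groups")` entry is much terser than its neighbours ("Full home postal address", "Home and mobile phone") and does not say what is disclosed. If these strings are what the user reads when approving a client, which the hunk suggests but does not show, the label should state that group membership is shared, for example `"groups": _("Names of the groups you are a member of"),`. Group membership can reveal class, course or role assignments, so the wording matters for informed consent.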
diff --git a/aleksis/core/util/auth_helpers.py b/aleksis/core/util/auth_helpers.py
index 8caea1659..245c233aa 100644
--- a/aleksis/core/util/auth_helpers.py
+++ b/aleksis/core/util/auth_helpers.py
@@ -77,6 +77,10 @@ class CustomOAuth2Validator(OAuth2Validator):
                 "postal_code": request.user.person.postal_code,
             }
 
+        if "groups" in request.scopes and has_person(request.user):
+            for group in request.user.person.groups.all():
+                claims["groups"].append(group.name)
+
         return claims
 
 
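Review bot: `claims["groups"].append(group.name)` indexes a key that nothing in this hunk creates. Unless `claims` is given a `"groups"` list (or is a defaultdict) above the visible lines, the first request carrying the `groups` scope will raise KeyError. Assigning the list in one step avoids that and skips loading full group objects: `claims["groups"] = list(request.user.person.groups.values_list("name", flat=True))`. Because the claim goes to every client granted the scope, I would also add a comment that the names are informational; if group names are not unique, a relying party that maps them to roles could treat two distinct groups as one. The enclosing method starts above the hunk, so the initialisation of `claims` should be checked there.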
-- 
GitLab