Merge branch '510--openid-connect-group-claim' into 'master'

Resolve "[OpenID Connect] Group claim" Closes #510 See merge request !718

Merge branch '510--openid-connect-group-claim' into 'master'
eabf097d · Nik | Klampfradler · 35943230 · dd81c4a6 · eabf097d · eabf097d
Commit eabf097d authored 3 years ago by Nik | Klampfradler
--- a/CHANGELOG.rst
+++ b/CHANGELOG.rst
@@ -12,6 +12,8 @@ Unreleased
 Added
 ~~~~~
+* OpenID connect scope and accompanying claim `groups`
 Fixed
 ~~~~~

--- a/aleksis/core/settings.py
+++ b/aleksis/core/settings.py
@@ -345,6 +345,7 @@ if _settings.get("oauth2.oidc.enabled", False):
            "address": _("Full home postal address"),
            "email": _("Email address"),
            "phone": _("Home and mobile phone"),
+            "groups": _("Groups"),
        }
    )

--- a/aleksis/core/util/auth_helpers.py
+++ b/aleksis/core/util/auth_helpers.py
@@ -77,6 +77,9 @@ class CustomOAuth2Validator(OAuth2Validator):
                "postal_code": request.user.person.postal_code,
            }
+        if "groups" in request.scopes and has_person(request.user):
+            claims["groups"] = request.user.person.groups.values_list("name", flat=True).all()
        return claims