From 3b82d4889e3875c8afb422aa7a63388a588e4d2b Mon Sep 17 00:00:00 2001
From: AnatolyK
Date: Tue, 26 May 2026 19:28:40 +0300
Subject: [PATCH] fix(theme): request 'groups' OIDC scope in OpenCloud theme Override openIdConnectScopes() in OpenCloudTheme to include the "groups" scope alongside the default openid/offline_access/email/profile set. IDPs that scope-gate their group claim (Authelia, Keycloak and Authentik in default config) only emit it when the corresponding scope is requested in the authorization request. Without it, server-side role mapping via PROXY_ROLE_ASSIGNMENT_OIDC_CLAIM=groups fails with "no roles in user claims" and login dies on the post-OAuth user-info step with "Failed to get user info from server". Stopgap until #847 (webfinger-based OIDC parameter discovery) lands upstream. Refs opencloud-eu/desktop#217.
Co-Authored-By: Claude Opus 4.7
---
 src/libsync/opencloudtheme.cpp | 8 ++++++++
 src/libsync/opencloudtheme.h | 1 +
 2 files changed, 9 insertions(+)
diff --git a/src/libsync/opencloudtheme.cpp b/src/libsync/opencloudtheme.cpp
index 4da2e9e48c..44e8712af7 100644
--- a/src/libsync/opencloudtheme.cpp
+++ b/src/libsync/opencloudtheme.cpp
@@ -50,4 +50,12 @@ QmlButtonColor OpenCloudTheme::secondaryButtonColor() const
 {
 return {"#CA8DF5", "#19353F", "#B0B0B0"};
 }
+
+QString OpenCloudTheme::openIdConnectScopes() const
+{
+ // Include "groups" so IDPs whose group claim is scope-gated (Authelia,
+ // default-config Keycloak, Authentik) emit it, enabling server-side
+ // role mapping via PROXY_ROLE_ASSIGNMENT_OIDC_CLAIM. See issue #217.
+ return QStringLiteral("openid offline_access email profile groups");
+}
 }
diff --git a/src/libsync/opencloudtheme.h b/src/libsync/opencloudtheme.h
index f8667142e9..111429bc55 100644
--- a/src/libsync/opencloudtheme.h
+++ b/src/libsync/opencloudtheme.h
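Review bot: `OpenCloudTheme::openIdConnectScopes()` in opencloudtheme.cpp now sends `groups` in every authorization request, but that scope is not part of OIDC core and an authorization server is allowed to answer an unknown scope with `invalid_scope` (RFC 6749 §4.1.2.1), so a deployment whose IdP does not define it could lose desktop login entirely rather than just role mapping. It also widens what the client requests on deployments that never map roles from claims, so group membership may end up in tokens and on consent screens where nothing consumes it. Until the discovery work mentioned in the commit message lands, consider making the extra scope opt-in (build-time or configuration) and stating the rejection risk in the comment, e.g. `// NOTE: IdPs that do not define a "groups" scope may reject the request with invalid_scope.` The literal also restates the default scope list; if the base `Theme::openIdConnectScopes()` has an implementation (not visible in this diff), `return Theme::openIdConnectScopes() + QStringLiteral(" groups");` would keep the override from drifting when the defaults change.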
@@ -27,5 +27,6 @@ class OpenCloudTheme : public Theme
 QIcon wizardHeaderLogo() const override;
 QmlButtonColor primaryButtonColor() const override;
 QmlButtonColor secondaryButtonColor() const override;
+ QString openIdConnectScopes() const override;
 };
 }