# HG changeset patch
# User Kim Alvefur <zash@zash.se>
# Date 1682166176 -7200
# Node ID 0905d348bd34123ea6af784f4cfca95db35156aa
# Parent  eda3b078ba2cac040282398bb3999ac663c72153
mod_http_oauth2: Include additional OpenID scopes in metadata

Drops fallback because this module probably doesn't work with Prosody
before the role stuff anyway.

diff -r eda3b078ba2c -r 0905d348bd34 mod_http_oauth2/mod_http_oauth2.lua
--- a/mod_http_oauth2/mod_http_oauth2.lua	Sat Apr 22 14:02:56 2023 +0200
+++ b/mod_http_oauth2/mod_http_oauth2.lua	Sat Apr 22 14:22:56 2023 +0200
@@ -869,8 +869,7 @@
 				token_endpoint = handle_token_grant and module:http_url() .. "/token" or nil;
 				jwks_uri = nil; -- TODO?
 				registration_endpoint = handle_register_request and module:http_url() .. "/register" or nil;
-				scopes_supported = usermanager.get_all_roles and array(it.keys(usermanager.get_all_roles(module.host))):push("openid")
-					or { "prosody:restricted"; "prosody:user"; "prosody:admin"; "prosody:operator"; "openid" };
+				scopes_supported = usermanager.get_all_roles and array(it.keys(usermanager.get_all_roles(module.host))):append(array(openid_claims:items()));
 				response_types_supported = array(it.keys(response_type_handlers));
 				authorization_response_iss_parameter_supported = true;