# HG changeset patch
# User Kim Alvefur <zash@zash.se>
# Date 1677962160 -3600
# Node ID eb8b3a068ecc865e282fd98db2dbed4c618b591b
# Parent  c60cff787d6a80b6ca27706003b1515efae4fc8a
mod_http_oauth2: Return list of active roles in discovery

Relies on Prosody trunk rev cdb996637b08

Better than a hardcoded list

diff -r c60cff787d6a -r eb8b3a068ecc mod_http_oauth2/mod_http_oauth2.lua
--- a/mod_http_oauth2/mod_http_oauth2.lua	Sat Mar 04 21:24:35 2023 +0100
+++ b/mod_http_oauth2/mod_http_oauth2.lua	Sat Mar 04 21:36:00 2023 +0100
@@ -478,7 +478,8 @@
 				token_endpoint = handle_token_grant and module:http_url() .. "/token" or nil;
 				jwks_uri = nil; -- TODO?
 				registration_endpoint = handle_register_request and module:http_url() .. "/register" or nil;
-				scopes_supported = { "prosody:restricted"; "prosody:user"; "prosody:admin"; "prosody:operator" };
+				scopes_supported = usermanager.get_all_roles and array(it.keys(usermanager.get_all_roles()))
+					or { "prosody:restricted"; "prosody:user"; "prosody:admin"; "prosody:operator" };
 				response_types_supported = array(it.keys(response_type_handlers));
 				authorization_response_iss_parameter_supported = true;
 			};