fix(oidc): revert default scope to 'openid email profile'

Removes 'groups' from the default OIDC_SCOPE fallback, which caused invalid_scope errors with providers that don't support it (e.g. Google). Fixes #391
2026-04-04 12:53:12 +02:00
parent 2469739bca
commit 50d2a211e5
1 changed files with 1 additions and 1 deletions
--- a/server/src/routes/oidc.ts
+++ b/server/src/routes/oidc.ts
@@ -43,7 +43,7 @@ router.get('/login', async (req: Request, res: Response) => {
      response_type: 'code',
      client_id: config.clientId,
      redirect_uri: redirectUri,
-      scope: process.env.OIDC_SCOPE || 'openid email profile groups',
+      scope: process.env.OIDC_SCOPE || 'openid email profile',
      state,
    });