feat: add environment variable to overwrite oidc scopes

src/utils/auth/oidc.ts

@@ -20,13 +20,17 @@ const provider: OAuthConfig<Profile> = {
   clientId: env.AUTH_OIDC_CLIENT_ID,
   clientSecret: env.AUTH_OIDC_CLIENT_SECRET,
   wellKnown: `${env.AUTH_OIDC_URI}/.well-known/openid-configuration`,
-  authorization: { params: { scope: 'openid email profile groups' } },
+  authorization: { params: { scope: env.AUTH_OIDC_SCOPE_OVERWRITE } },
   idToken: true,
   async profile(profile) {
     const user = await adapter.getUserByEmail!(profile.email);
 
-    const isAdmin = profile.groups.includes(env.AUTH_OIDC_ADMIN_GROUP);
-    const isOwner = profile.groups.includes(env.AUTH_OIDC_OWNER_GROUP);
+    if (!profile.groups) {
+      Consola.warn('no groups found in profile of oidc user');
+    }
+
+    const isAdmin = profile.groups?.includes(env.AUTH_OIDC_ADMIN_GROUP);
+    const isOwner = profile.groups?.includes(env.AUTH_OIDC_OWNER_GROUP);
 
     // check for role update
     if (user && (user.isAdmin != isAdmin || user.isOwner != isOwner)) {