From 2131fe5d368aec6d1d40ac0ddcf977d250c179dc Mon Sep 17 00:00:00 2001
From: Baptiste Roux <32563450+BapRx@users.noreply.github.com>
Date: Wed, 1 Jan 2025 16:28:48 +0100
Subject: [PATCH] fix: group mapping (#13)

---
 custom_components/auth_oidc/__init__.py | 4 ++--
 custom_components/auth_oidc/provider.py | 2 +-
 2 files changed, 3 insertions(+), 3 deletions(-)

diff --git a/custom_components/auth_oidc/__init__.py b/custom_components/auth_oidc/__init__.py
index 5ed6bd2..18b02eb 100644
--- a/custom_components/auth_oidc/__init__.py
+++ b/custom_components/auth_oidc/__init__.py
@@ -50,8 +50,8 @@ async def async_setup(hass: HomeAssistant, config):
 
     _LOGGER.info("Registered OIDC provider")
 
-    # We only use openid & profile, never email
-    scope = "openid profile"
+    # We only use openid, profile & groups, never email
+    scope = "openid profile groups"
 
     oidc_client = oidc_client = OIDCClient(
         discovery_url=my_config.get(DISCOVERY_URL),
diff --git a/custom_components/auth_oidc/provider.py b/custom_components/auth_oidc/provider.py
index f9ebb91..ae6acaa 100644
--- a/custom_components/auth_oidc/provider.py
+++ b/custom_components/auth_oidc/provider.py
@@ -259,7 +259,7 @@ class OpenIDAuthProvider(AuthProvider):
         sub = credentials.data["sub"]
         meta = self._user_meta.get(sub, {})
 
-        groups = meta.get("groups", [])
+        groups = meta.get("groups") or []
 
         # TODO: Allow setting which group is for admins
         group = "system-admin" if "admins" in groups else "system-users"