Add groups scope option & fixup features.include_groups_scope (#42)

custom_components/auth_oidc/__init__.py

@@ -16,6 +16,7 @@ from .config import (
     DISCOVERY_URL,
     DISPLAY_NAME,
     ID_TOKEN_SIGNING_ALGORITHM,
+    GROUPS_SCOPE,
     FEATURES,
     CLAIMS,
     ROLES,
@@ -53,12 +54,20 @@ async def async_setup(hass: HomeAssistant, config):
 
     _LOGGER.info("Registered OIDC provider")
 
-    # We only use openid, profile & groups, never email
-    include_groups_scope = my_config[FEATURES].get(FEATURES_INCLUDE_GROUPS_SCOPE, True)
+    # Set the correct scopes
+    # Always use 'openid' & 'profile' as they are specified in the OIDC spec
+    # All servers should support this
     scope = "openid profile"
-    if include_groups_scope:
-        scope += " groups"
 
+    # Include groups if requested (default is to include 'groups'
+    # as a scope for Authelia & Authentik)
+    features_config = my_config.get(FEATURES, {})
+    include_groups_scope = features_config.get(FEATURES_INCLUDE_GROUPS_SCOPE, True)
+    groups_scope = my_config.get(GROUPS_SCOPE, "groups")
+    if include_groups_scope:
+        scope += " " + groups_scope
+
+    # Create the OIDC client
     oidc_client = oidc_client = OIDCClient(
         hass=hass,
         discovery_url=my_config.get(DISCOVERY_URL),