2 files changed, 13 insertions, 4 deletions

diff --git a/config/config_defaults.inc.php b/config/config_defaults.inc.php
index d7caea7..7bbf4d5 100644
--- a/config/config_defaults.inc.php
+++ b/config/config_defaults.inc.php
@@ -342,13 +342,15 @@ $STUDIP_AUTH_CONFIG_GOOGLE = [
         'plugin_fullname'   => 'Google',
         'login_description' => 'Login with Google',
         'ssl_options'       => ['certPath' => null, 'verifyPeer' => true, 'verifyHost' => true],
-        'user_data_mapping' =>
-            ['auth_user_md5.username' => ['callback' => 'dummy', 'map_args' => ''],
+        'user_data_mapping' => [
+             'auth_user_md5.username' => ['callback' => 'dummy', 'map_args' => ''],
              'auth_user_md5.password' => ['callback' => 'dummy', 'map_args' => ''],
              'auth_user_md5.Email'    => ['callback' => 'getUserData', 'map_args' => 'email'],
              'auth_user_md5.Nachname' => ['callback' => 'getUserData', 'map_args' => 'family_name'],
              'auth_user_md5.Vorname'  => ['callback' => 'getUserData', 'map_args' => 'given_name']
-            ]
+        ],
+        // Enable the next line to allow setting your own scopes
+        // 'scopes' => []
     ];
 
 $STUDIP_AUTH_CONFIG_LTI = [
diff --git a/lib/classes/auth_plugins/StudipAuthOIDC.class.php b/lib/classes/auth_plugins/StudipAuthOIDC.class.php
index d09a3bf..7071e90 100644
--- a/lib/classes/auth_plugins/StudipAuthOIDC.class.php
+++ b/lib/classes/auth_plugins/StudipAuthOIDC.class.php
@@ -23,15 +23,22 @@ class StudipAuthOIDC extends StudipAuthSSO
      * @var string
      */
     public $provider_url;
+
     /**
      * @var string
      */
     public $client_id;
+
     /**
      * @var string
      */
     public $client_secret;
 
+    /**
+     * @var string[]
+     */
+    public $scopes = ['openid', 'email', 'profile'];
+
     private function getClient(): OpenIDConnectClient
     {
         if ($this->oidc === null) {
@@ -50,7 +57,7 @@ class StudipAuthOIDC extends StudipAuthSSO
 
             $return_url = URLHelper::getScriptURL($GLOBALS['ABSOLUTE_URI_STUDIP'] . 'index.php', ['sso' => $this->plugin_name, 'again' => 'yes']);
             $this->oidc->setRedirectURL($return_url);
-            $this->oidc->addScope(['openid', 'email', 'profile']);
+            $this->oidc->addScope($this->scopes);
         }
 
         return $this->oidc;