From 315a0dbc9465073077c96d5bd5c227224e570fa3 Mon Sep 17 00:00:00 2001
From: Nicola Tarocco <ntarocco@gmail.com>
Date: Fri, 5 May 2023 16:27:53 +0200
Subject: [PATCH] auth: add missing scope to token request for CERN SSO

---
 app-config/auth-service/auth_service/__init__.py | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/app-config/auth-service/auth_service/__init__.py b/app-config/auth-service/auth_service/__init__.py
index 1f8d34ba..9cf81049 100644
--- a/app-config/auth-service/auth_service/__init__.py
+++ b/app-config/auth-service/auth_service/__init__.py
@@ -57,7 +57,7 @@ class Authentication(BaseHandler, OIDCClientMixin):
         async with self.get_oidc_client() as oidc_cli:
             redirect_uri = f'{self.request.protocol}://{self.request.host}/auth/authorize'
             LOG.info(f'Redirecting to the authorization url. Will return to {redirect_uri}')
-            return self.redirect(oidc_cli.authorization_url(redirect_uri=redirect_uri))
+            return self.redirect(oidc_cli.authorization_url(redirect_uri=redirect_uri, scope="openid"))
 
 
 class Authorization(BaseHandler, OIDCClientMixin):