From 52fb7accac55017b4954f51155c0962e55dcf47b Mon Sep 17 00:00:00 2001
From: Kevin Veen-Birkenbach
Date: Wed, 17 Sep 2025 17:45:46 +0200
Subject: [PATCH] Disabled unnecessary variables temporary to make debugging easier and solved oidc bugs
---
 roles/web-app-xwiki/templates/xwiki.properties.j2 | 7 ++++---
 roles/web-app-xwiki/vars/main.yml | 2 +-
 2 files changed, 5 insertions(+), 4 deletions(-)
diff --git a/roles/web-app-xwiki/templates/xwiki.properties.j2 b/roles/web-app-xwiki/templates/xwiki.properties.j2
index f935f730..6a939779 100644
--- a/roles/web-app-xwiki/templates/xwiki.properties.j2
+++ b/roles/web-app-xwiki/templates/xwiki.properties.j2
@@ -7,6 +7,7 @@ xwiki.url.port={{ WEB_PORT }}
 # OIDC
 # Render this block only while the OIDC switch is ON in _flush_config.yml.
 # During bootstrap we keep it OFF to avoid ClassNotFoundException before the extension is installed.
+# @see https://extensions.xwiki.org/xwiki/bin/view/Extension/OpenID%20Connect/OpenID%20Connect%20Authenticator/
 {% if xwiki_oidc_enabled_switch | bool %}
 oidc.showLoginButton=true
 oidc.provider={{ XWIKI_OIDC_PROVIDER }}
@@ -18,9 +19,9 @@ oidc.clientid={{ XWIKI_OIDC_CLIENT_ID }}
 oidc.secret={{ XWIKI_OIDC_CLIENT_SECRET }}
 oidc.scope={{ XWIKI_OIDC_SCOPES }}
 oidc.enableUser=true
-oidc.userinfoclaims={{ XWIKI_OIDC_GROUPS_CLAIM }}
-oidc.groups.claim={{ XWIKI_OIDC_GROUPS_CLAIM }}
-oidc.groups.mapping=XWiki.XWikiAdminGroup={{ XWIKI_OIDC_ADMIN_PROVIDER_GROUP }}
+#oidc.userinfoclaims={{ XWIKI_OIDC_GROUPS_CLAIM }}
+#oidc.groups.claim={{ XWIKI_OIDC_GROUPS_CLAIM }}
+#oidc.groups.mapping=XWiki.XWikiAdminGroup={{ XWIKI_OIDC_ADMIN_PROVIDER_GROUP }}
 {% endif %}
 # Start DW automatically and non-interactively
diff --git a/roles/web-app-xwiki/vars/main.yml b/roles/web-app-xwiki/vars/main.yml
index 53e428f7..2803e988 100644
--- a/roles/web-app-xwiki/vars/main.yml
+++ b/roles/web-app-xwiki/vars/main.yml
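Review bot: In the second hunk of xwiki.properties.j2, commenting out `oidc.groups.claim` and `oidc.groups.mapping` drops the only visible link between the provider group and `XWiki.XWikiAdminGroup`, and nothing in the template records that this is temporary. With these lines gone the rendered config no longer derives admin membership from the IdP, so existing memberships presumably stay as they are and a user removed from the provider group would keep admin rights in XWiki; that is worth confirming against the authenticator's behaviour. Gating the three lines on a variable keeps the choice visible and reversible, e.g. wrapping them in `{% if XWIKI_OIDC_GROUP_SYNC_ENABLED | bool %}` … `{% endif %}` (variable name is a placeholder), or at minimum add `# TODO: re-enable group sync after OIDC debugging; admin group is not IdP-managed while disabled` above them.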
@@ -63,7 +63,7 @@ XWIKI_OIDC_USERINFO: "{{ OIDC.CLIENT.USER_INFO_URL }}"
 XWIKI_OIDC_LOGOUT: "{{ OIDC.CLIENT.LOGOUT_URL }}"
 XWIKI_OIDC_CLIENT_ID: "{{ OIDC.CLIENT.ID }}"
 XWIKI_OIDC_CLIENT_SECRET: "{{ OIDC.CLIENT.SECRET }}"
-XWIKI_OIDC_SCOPES: "openid email profile {{ RBAC.GROUP.CLAIM }}"
+XWIKI_OIDC_SCOPES: "openid,email,profile,{{ RBAC.GROUP.CLAIM }}"
 XWIKI_OIDC_GROUPS_CLAIM: "{{ RBAC.GROUP.CLAIM }}"
 XWIKI_OIDC_ADMIN_PROVIDER_GROUP: "{{ [RBAC.GROUP.NAME, XWIKI_ADMIN_GROUP] | path_join }}"
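Review bot: The new `XWIKI_OIDC_SCOPES` value still requests `{{ RBAC.GROUP.CLAIM }}` as a scope although the same commit disables `oidc.userinfoclaims`, `oidc.groups.claim` and `oidc.groups.mapping`, so the client asks the provider for group data that nothing in the rendered config consumes. Either drop it from the list until group sync is restored, or leave a comment saying it is kept on purpose. The separator change also deserves a comment, since OIDC scope strings are normally space-delimited and a later edit could revert it: `# oidc.scope in xwiki.properties is a comma-separated list, not the space-delimited wire format`. Whether the provider accepts the claim name as a scope name cannot be seen from this hunk.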