Disabled unnecessary variables temporary to make debugging easier and solved oidc bugs

roles/web-app-xwiki/templates/xwiki.properties.j2

@@ -7,6 +7,7 @@ xwiki.url.port={{ WEB_PORT }}
 # OIDC
 # Render this block only while the OIDC switch is ON in _flush_config.yml.
 # During bootstrap we keep it OFF to avoid ClassNotFoundException before the extension is installed.
+# @see https://extensions.xwiki.org/xwiki/bin/view/Extension/OpenID%20Connect/OpenID%20Connect%20Authenticator/
 {% if xwiki_oidc_enabled_switch | bool %}
 oidc.showLoginButton=true
 oidc.provider={{ XWIKI_OIDC_PROVIDER }}
@@ -18,9 +19,9 @@ oidc.clientid={{ XWIKI_OIDC_CLIENT_ID }}
 oidc.secret={{ XWIKI_OIDC_CLIENT_SECRET }}
 oidc.scope={{ XWIKI_OIDC_SCOPES }}
 oidc.enableUser=true
-oidc.userinfoclaims={{ XWIKI_OIDC_GROUPS_CLAIM }}
-oidc.groups.claim={{ XWIKI_OIDC_GROUPS_CLAIM }}
-oidc.groups.mapping=XWiki.XWikiAdminGroup={{ XWIKI_OIDC_ADMIN_PROVIDER_GROUP }}
+#oidc.userinfoclaims={{ XWIKI_OIDC_GROUPS_CLAIM }}
+#oidc.groups.claim={{ XWIKI_OIDC_GROUPS_CLAIM }}
+#oidc.groups.mapping=XWiki.XWikiAdminGroup={{ XWIKI_OIDC_ADMIN_PROVIDER_GROUP }}
 {% endif %}
 
 # Start DW automatically and non-interactively

roles/web-app-xwiki/vars/main.yml

@@ -63,7 +63,7 @@ XWIKI_OIDC_USERINFO:                  "{{ OIDC.CLIENT.USER_INFO_URL }}"
 XWIKI_OIDC_LOGOUT:                    "{{ OIDC.CLIENT.LOGOUT_URL }}"
 XWIKI_OIDC_CLIENT_ID:                 "{{ OIDC.CLIENT.ID }}"
 XWIKI_OIDC_CLIENT_SECRET:             "{{ OIDC.CLIENT.SECRET }}"
-XWIKI_OIDC_SCOPES:                    "openid email profile {{ RBAC.GROUP.CLAIM }}"
+XWIKI_OIDC_SCOPES:                    "openid,email,profile,{{ RBAC.GROUP.CLAIM }}"
 XWIKI_OIDC_GROUPS_CLAIM:              "{{ RBAC.GROUP.CLAIM }}"
 XWIKI_OIDC_ADMIN_PROVIDER_GROUP:      "{{ [RBAC.GROUP.NAME, XWIKI_ADMIN_GROUP] | path_join }}"