From f17d8092194a022125570ede214168b8c98dac06 Mon Sep 17 00:00:00 2001
From: Jens Langhammer <jens.langhammer@beryju.org>
Date: Sat, 26 Dec 2020 21:18:16 +0100
Subject: [PATCH] providers/oauth2: add scopes_supported to discovery endpoint

---
 authentik/providers/oauth2/views/provider.py | 6 +++++-
 1 file changed, 5 insertions(+), 1 deletion(-)

diff --git a/authentik/providers/oauth2/views/provider.py b/authentik/providers/oauth2/views/provider.py
index 7a72d7fad..28c983374 100644
--- a/authentik/providers/oauth2/views/provider.py
+++ b/authentik/providers/oauth2/views/provider.py
@@ -7,7 +7,7 @@ from django.views import View
 from structlog import get_logger
 
 from authentik.core.models import Application
-from authentik.providers.oauth2.constants import ACR_AUTHENTIK_DEFAULT
+from authentik.providers.oauth2.constants import ACR_AUTHENTIK_DEFAULT, SCOPE_OPENID
 from authentik.providers.oauth2.models import OAuth2Provider
 
 LOGGER = get_logger()
@@ -56,6 +56,10 @@ class ProviderInfoView(View):
                 "client_secret_basic",
             ],
             "acr_values_supported": [ACR_AUTHENTIK_DEFAULT],
+            "scopes_supported": [
+                # We only advertise the 'openid' scope, as the rest vary depending on application
+                SCOPE_OPENID,
+            ],
         }
 
     # pylint: disable=unused-argument