fix: default openid scope for keycloak (#684)

atymic · web-flow · commit 889c025cb342 · 2021-06-03T08:42:34.000+10:00
diff --git a/Provider.php b/Provider.php
@@ -15,6 +15,8 @@ class Provider extends AbstractProvider
 
     protected $scopeSeparator = ' ';
 
+    protected $scopes = ['openid'];
+
     public static function additionalConfigKeys()
     {
         return ['base_url', 'realms'];
diff --git a/README.md b/README.md
@@ -42,3 +42,13 @@ You should now be able to use the provider like you would regularly use Socialit
 ```php
 return Socialite::driver('keycloak')->redirect();
 ```
+
+#### Keycloak <= 3.2
+
+Keycloak below v3.2 requires no scopes to be set. Later versions require the `openid` scope for all requests.
+
+```php
+return Socialite::driver('keycloak')->scopes([])->redirect();
+```
+
+See [the upgrade guide](https://www.keycloak.org/docs/12.0/upgrading/#migrating-to-3-2-0).

Original file line number	Diff line number	Diff line change
`@@ -15,6 +15,8 @@ class Provider extends AbstractProvider`
`15`	`15`
`16`	`16`	`protected $scopeSeparator = ' ';`
`17`	`17`
	`18`	`+ protected $scopes = ['openid'];`
	`19`	`+`
`18`	`20`	`public static function additionalConfigKeys()`
`19`	`21`	`{`
`20`	`22`	`return ['base_url', 'realms'];`