From f894a46487ec9e478bbf76a3ce9576a416bd906b Mon Sep 17 00:00:00 2001
From: Chris Patuzzo <chris@patuzzo.co.uk>
Date: Tue, 6 Feb 2024 16:53:30 +0000
Subject: [PATCH] Allow editor-api to request roles assigned to users (#918)

This is to support the Learning Management MVP. We need to determine
whether the user is a `school-owner`, `school-teacher` or
`school-student`.

More context:

https://raspberrypifoundation.slack.com/archives/C02JBAA2NFP/p1707153536934779?thread_ts=1707152297.160759&cid=C02JBAA2NFP
---
 CHANGELOG.md             | 1 +
 src/utils/userManager.js | 2 +-
 2 files changed, 2 insertions(+), 1 deletion(-)

diff --git a/CHANGELOG.md b/CHANGELOG.md
index 6875da660..f71c6f237 100644
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@@ -9,6 +9,7 @@ The format is based on [Keep a Changelog](https://keepachangelog.com/en/1.0.0/),
 ### Changed
 
 - Made `p5` canvas responsive to the available space (#887)
+- Specify the 'roles' scope in OAuth requests
 
 ### Fixed
 
diff --git a/src/utils/userManager.js b/src/utils/userManager.js
index a47ad42fe..59eefc9cd 100644
--- a/src/utils/userManager.js
+++ b/src/utils/userManager.js
@@ -10,7 +10,7 @@ const userManagerConfig = {
   redirect_uri: `${host}/auth/callback`,
   post_logout_redirect_uri: host,
   response_type: "code",
-  scope: "openid email profile force-consent allow-u13-login",
+  scope: "openid email profile force-consent allow-u13-login roles",
   authority: process.env.REACT_APP_AUTHENTICATION_URL,
   silent_redirect_uri: `${host}/auth/silent_renew`,
   automaticSilentRenew: true,