fix: added password policy scope to auth

NethServer · Feb 23, 2024 · cd37628 · cd37628
1 parent 80b78f0
commit cd37628
Showing 1 changed file with 2 additions and 2 deletions.
diff --git a/imageroot/api-moduled/handlers/login/post b/imageroot/api-moduled/handlers/login/post
@@ -38,10 +38,10 @@ oclaims = {
 if proc_whoami.returncode == 49 and "Password expired" in proc_whoami.stderr:
     # Password must be changed immediately: return a token limited to
     # password changing:
-    oclaims["scope"] = ["change-password"]
+    oclaims["scope"] = ["change-password", "get-password-policy"]
 elif proc_whoami.returncode != 0:
     sys.exit(3) # Login failed
 elif "domain admins" not in oclaims["groups"]:
-    oclaims["scope"] = ["change-password"]
+    oclaims["scope"] = ["change-password", "get-password-policy"]
 
 json.dump(oclaims, fp=sys.stdout)