From 4341656a5ef4ea9580fcb008d673549aab2a87be Mon Sep 17 00:00:00 2001
From: hsiegeln <37154749+hsiegeln@users.noreply.github.com>
Date: Fri, 10 Apr 2026 15:37:53 +0200
Subject: [PATCH] refactor: remove additionalScopes from OIDC config push

Server now hardcodes Logto org scopes in the auth flow, so the
provisioner no longer needs to push them via OIDC config.

Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
---
 .../siegeln/cameleer/saas/vendor/VendorTenantService.java   | 6 +-----
 1 file changed, 1 insertion(+), 5 deletions(-)

diff --git a/src/main/java/net/siegeln/cameleer/saas/vendor/VendorTenantService.java b/src/main/java/net/siegeln/cameleer/saas/vendor/VendorTenantService.java
index 7b197cf..4a8a1d5 100644
--- a/src/main/java/net/siegeln/cameleer/saas/vendor/VendorTenantService.java
+++ b/src/main/java/net/siegeln/cameleer/saas/vendor/VendorTenantService.java
@@ -142,11 +142,7 @@ public class VendorTenantService {
                             "defaultRoles", List.of("VIEWER"),
                             "displayNameClaim", "name",
                             "rolesClaim", "roles",
-                            "audience", "https://api.cameleer.local",
-                            "additionalScopes", List.of(
-                                "urn:logto:scope:organizations",
-                                "urn:logto:scope:organization_roles"
-                            )
+                            "audience", "https://api.cameleer.local"
                         ));
                         log.info("Pushed OIDC config to server for tenant {}", tenant.getSlug());
                     } catch (Exception e) {