From fec6717a857ac830b03ea0a360d82dc0d908d943 Mon Sep 17 00:00:00 2001
From: hsiegeln <37154749+hsiegeln@users.noreply.github.com>
Date: Sun, 5 Apr 2026 13:10:53 +0200
Subject: [PATCH] feat: update default rolesClaim to 'roles' for Logto
 compatibility

Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
---
 .../server/app/controller/OidcConfigAdminController.java        | 2 +-
 .../java/com/cameleer3/server/core/security/OidcConfig.java     | 2 +-
 2 files changed, 2 insertions(+), 2 deletions(-)

diff --git a/cameleer3-server-app/src/main/java/com/cameleer3/server/app/controller/OidcConfigAdminController.java b/cameleer3-server-app/src/main/java/com/cameleer3/server/app/controller/OidcConfigAdminController.java
index d7407c26..a7d500c6 100644
--- a/cameleer3-server-app/src/main/java/com/cameleer3/server/app/controller/OidcConfigAdminController.java
+++ b/cameleer3-server-app/src/main/java/com/cameleer3/server/app/controller/OidcConfigAdminController.java
@@ -98,7 +98,7 @@ public class OidcConfigAdminController {
                 request.issuerUri() != null ? request.issuerUri() : "",
                 request.clientId() != null ? request.clientId() : "",
                 clientSecret,
-                request.rolesClaim() != null ? request.rolesClaim() : "realm_access.roles",
+                request.rolesClaim() != null ? request.rolesClaim() : "roles",
                 request.defaultRoles() != null ? request.defaultRoles() : List.of("VIEWER"),
                 request.autoSignup(),
                 request.displayNameClaim() != null ? request.displayNameClaim() : "name"
diff --git a/cameleer3-server-core/src/main/java/com/cameleer3/server/core/security/OidcConfig.java b/cameleer3-server-core/src/main/java/com/cameleer3/server/core/security/OidcConfig.java
index 0c7654f6..cbcc2888 100644
--- a/cameleer3-server-core/src/main/java/com/cameleer3/server/core/security/OidcConfig.java
+++ b/cameleer3-server-core/src/main/java/com/cameleer3/server/core/security/OidcConfig.java
@@ -25,6 +25,6 @@ public record OidcConfig(
         String displayNameClaim
 ) {
     public static OidcConfig disabled() {
-        return new OidcConfig(false, "", "", "", "realm_access.roles", List.of("VIEWER"), true, "name");
+        return new OidcConfig(false, "", "", "", "roles", List.of("VIEWER"), true, "name");
     }
 }