Merge remote-tracking branch 'upstream/pull/4226'

config/initializers/doorkeeper.rb

@@ -225,7 +225,7 @@ Doorkeeper.configure do
   # https://doorkeeper.gitbook.io/guides/ruby-on-rails/scopes
 
   # default_scopes  :public
-  optional_scopes(*Oauth::SCOPES, *Oauth::PRIVILEGED_SCOPES)
+  optional_scopes(*Oauth::SCOPES, *Oauth::PRIVILEGED_SCOPES, *Oauth::OAUTH2_SCOPES)
 
   # Allows to restrict only certain scopes for grant_type.
   # By default, all the scopes will be available for all the grant types.

config/initializers/doorkeeper_openid_connect.rb

@@ -0,0 +1,38 @@
+# frozen_string_literal: true
+
+Doorkeeper::OpenidConnect.configure do
+  issuer do |_resource_owner, _application|
+    "#{Settings.server_protocol}://#{Settings.server_url}"
+  end
+
+  signing_key Settings.doorkeeper_signing_key
+
+  subject_types_supported [:public]
+
+  resource_owner_from_access_token do |access_token|
+    User.find_by(:id => access_token.resource_owner_id)
+  end
+
+  auth_time_from_resource_owner do |resource_owner|
+    # empty block necessary as a workaround to missing configuration
+    # when no auth_time claim is provided
+  end
+
+  subject do |resource_owner, _application|
+    resource_owner.id
+  end
+
+  protocol do
+    Settings.server_protocol.to_sym
+  end
+
+  claims do
+    claim :preferred_username, :scope => :openid do |resource_owner, _scopes, _access_token|
+      resource_owner.display_name
+    end
+
+    claim :email, :scope => :read_email, :response => [:id_token, :user_info] do |resource_owner, _scopes, _access_token|
+      resource_owner.email
+    end
+  end
+end