From 1b58e4169a6b570c0175cdda24c5df839363803b Mon Sep 17 00:00:00 2001
From: CEbbinghaus
Date: Fri, 1 Nov 2024 12:59:27 +1100
Subject: [PATCH] chore: Made oauth2 scopes required in CLI (#3165)
---
book/src/integrations/oauth2.md | 8 ++++++--
tools/cli/src/opt/kanidm.rs | 2 +-
2 files changed, 7 insertions(+), 3 deletions(-)
diff --git a/book/src/integrations/oauth2.md b/book/src/integrations/oauth2.md
index 655055546..34bf202af 100644
--- a/book/src/integrations/oauth2.md
+++ b/book/src/integrations/oauth2.md
@@ -210,7 +210,7 @@ You can create a scope map with:
```bash
kanidm system oauth2 update-scope-map [scopes]...
-kanidm system oauth2 update-scope-map nextcloud nextcloud_admins admin
+kanidm system oauth2 update-scope-map nextcloud nextcloud_users email profile openid
```
> [!TIP]
@@ -225,13 +225,17 @@ kanidm system oauth2 update-scope-map nextcloud nextcloud_admins admin
> - **email** - email, email_verified
> - **address** - address
> - **phone** - phone_number, phone_number_verified
+> - **groups** - groups
> [!WARNING]
>
-> If you are creating an OpenID Connect (OIDC) client you **MUST** provide a scope map named
+> If you are creating an OpenID Connect (OIDC) client you **MUST** provide a scope map containing
> `openid`. Without this, OpenID Connect clients **WILL NOT WORK**!
+> ```bash
+> kanidm system oauth2 update-scope-map nextcloud nextcloud_users openid
+> ```
You can create a supplemental scope map with:
diff --git a/tools/cli/src/opt/kanidm.rs b/tools/cli/src/opt/kanidm.rs
index 7b3ba4180..4cd7a485b 100644
--- a/tools/cli/src/opt/kanidm.rs
+++ b/tools/cli/src/opt/kanidm.rs
@@ -943,7 +943,7 @@ pub struct Oauth2CreateScopeMapOpt {
nopt: Named,
#[clap(name = "group")]
group: String,
-    #[clap(name = "scopes")]
+    #[clap(name = "scopes", required = true)]
scopes: Vec,
}
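Review bot: `required = true` on `scopes` makes the CLI parser reject an invocation with no scopes, but that is a client-side convenience rather than an enforcement point; any other API client can still submit an empty scope list unless the server's scope-map handler rejects it, which cannot be confirmed from this hunk and is worth verifying so the two agree. The field also carries no doc comment, so `--help` will show the positional without explaining the constraint; I would add `/// Scopes to place in the scope map for this group; at least one must be given.` directly above the attribute. The element type of `Vec` is not visible in this rendering of the hunk and is presumably `String`. The struct `Oauth2CreateScopeMapOpt` begins before this hunk.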