From ddea9c66996cf32e339a233e3e6b11306099b0e3 Mon Sep 17 00:00:00 2001
From: Firstyear <william@blackhats.net.au>
Date: Tue, 6 Feb 2024 13:56:04 +1000
Subject: [PATCH] Support SPN in groups claim (#2474)

---
 server/lib/src/idm/oauth2.rs | 9 ++++++++-
 1 file changed, 8 insertions(+), 1 deletion(-)

diff --git a/server/lib/src/idm/oauth2.rs b/server/lib/src/idm/oauth2.rs
index e56a2990c..dde4a250d 100644
--- a/server/lib/src/idm/oauth2.rs
+++ b/server/lib/src/idm/oauth2.rs
@@ -2472,7 +2472,14 @@ fn extra_claims_for_account(
     if scopes.contains(&"groups".to_string()) {
         extra_claims.insert(
             "groups".to_string(),
-            account.groups.iter().map(|x| x.to_proto().uuid).collect(),
+            account
+                .groups
+                .iter()
+                .flat_map(|x| {
+                    let proto_group = x.to_proto();
+                    [proto_group.spn, proto_group.uuid]
+                })
+                .collect(),
         );
     }