From 433ff0a4115fc7741cbb1e01931090988e003c06 Mon Sep 17 00:00:00 2001
From: Paul F Bugni <pbugni@uw.edu>
Date: Tue, 24 Dec 2024 10:02:35 -0800
Subject: [PATCH] Add realm_access.roles from JWT claims (keep in parity with
 front-end)

---
 patientsearch/api.py | 6 +++++-
 1 file changed, 5 insertions(+), 1 deletion(-)

diff --git a/patientsearch/api.py b/patientsearch/api.py
index eea163fc..373fa2ec 100644
--- a/patientsearch/api.py
+++ b/patientsearch/api.py
@@ -109,7 +109,11 @@ def current_user_info(token):
         DEA = oidc.user_getfield("DEA")
     except Exception:
         DEA = "unknown"
-    return {"username": username, "DEA": DEA}
+    try:
+        roles = oidc.user_getfield("realm_access")["roles"]
+    except Exception:
+        roles = []
+    return {"username": username, "DEA": DEA, "roles": roles}
 
 
 @api_blueprint.route("/home", methods=["GET"])