add claim

id.saladeaula.digital/app/routes/authorize.py

@@ -9,11 +9,11 @@ from aws_lambda_powertools.event_handler.exceptions import (
     ServiceError,
 )
 from joserfc.errors import JoseError
-from layercake.dynamodb import DynamoDBPersistenceLayer, KeyPair, SortKey
+from layercake.dynamodb import DynamoDBPersistenceLayer, KeyPair
 
 from boto3clients import dynamodb_client
-from config import OAUTH2_DEFAULT_SCOPES, USER_TABLE
-from oauth2 import server
+from config import USER_TABLE
+from oauth2 import get_user_scope, server
 from util import parse_cookies
 
 router = Router()
@@ -44,7 +44,7 @@ def authorize():
             request=router.current_event,
             end_user=user_id,
         )
-        user_scopes = _user_scopes(user_id)
+        user_scopes = get_user_scope(user_id)
         client_scopes = set(scope_to_list(grant.client.scope))
 
         # Deny authorization if user lacks scopes requested by client
@@ -67,18 +67,3 @@ def authorize():
         )
     else:
         return response
-
-
-def _user_scopes(user_id: str) -> set:
-    return OAUTH2_DEFAULT_SCOPES | set(
-        scope_to_list(
-            dyn.collection.get_item(
-                KeyPair(
-                    pk=user_id,
-                    sk=SortKey(sk='SCOPE', path_spec='scope'),
-                ),
-                raise_on_error=False,
-                default='',
-            )
-        )
-    )