vault: request groups scope in OIDC roles

terraform/vault/oidc.tf

@@ -26,6 +26,7 @@ resource "vault_jwt_auth_backend_role" "admin" {
   groups_claim = "groups"
   bound_claims = { groups = "admins" }
   role_type    = "oidc"
+  oidc_scopes  = ["openid", "profile", "email", "groups"]
 
   allowed_redirect_uris = [
     "https://vault.home.2rjus.net:8200/ui/vault/auth/oidc/oidc/callback",
@@ -41,6 +42,7 @@ resource "vault_jwt_auth_backend_role" "default" {
   user_claim   = "preferred_username"
   groups_claim = "groups"
   role_type    = "oidc"
+  oidc_scopes  = ["openid", "profile", "email", "groups"]
 
   allowed_redirect_uris = [
     "https://vault.home.2rjus.net:8200/ui/vault/auth/oidc/oidc/callback",