From 6f44841deb0976cced3b4806cec58f2f68248684 Mon Sep 17 00:00:00 2001
From: Thomas Tracy <contact@tjtracy.com>
Date: Wed, 15 Sep 2021 09:17:51 -0400
Subject: [PATCH] [feat] Add user_id scope to credentialsApiClient (#28737)

Now that we're actively using the LMS_USER_ID inside credentials to
identify users, we need to make sure that users created by
notify_credentials are including it in the jwt scopes when authenticated
with credentials.
---
 openedx/core/djangoapps/credentials/utils.py | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)

diff --git a/openedx/core/djangoapps/credentials/utils.py b/openedx/core/djangoapps/credentials/utils.py
index 1d7b70c205..badebc152c 100644
--- a/openedx/core/djangoapps/credentials/utils.py
+++ b/openedx/core/djangoapps/credentials/utils.py
@@ -34,7 +34,8 @@ def get_credentials_api_client(user, org=None):
         org (str): Optional organization to look up the site config for, rather than the current request
 
     """
-    jwt = create_jwt_for_user(user)
+    scopes = ['email', 'profile', 'user_id']
+    jwt = create_jwt_for_user(user, scopes=scopes)
 
     if org is None:
         url = CredentialsApiConfig.current().internal_api_url  # by current request