From a21c9b2360da23cba3716dc86f600609404df333 Mon Sep 17 00:00:00 2001
From: Nuwan Goonasekera <2070605+nuwang@users.noreply.github.com>
Date: Wed, 20 Dec 2023 18:20:04 +0530
Subject: [PATCH] Also update oidc_scope_prefix description in
 config_schema.yml

---
 lib/galaxy/config/schemas/config_schema.yml | 6 +++++-
 1 file changed, 5 insertions(+), 1 deletion(-)

diff --git a/lib/galaxy/config/schemas/config_schema.yml b/lib/galaxy/config/schemas/config_schema.yml
index 4f8c649bac4f..d959b5905690 100644
--- a/lib/galaxy/config/schemas/config_schema.yml
+++ b/lib/galaxy/config/schemas/config_schema.yml
@@ -2910,7 +2910,11 @@ mapping:
         desc: |
           Sets the prefix for OIDC scopes specific to this Galaxy instance.
           If an API call is made against this Galaxy instance using an OIDC bearer token,
-          it must include a scope with "<prefix>:*". e.g "https://galaxyproject.org/api:*"
+          any scopes must be prefixed with this value e.g. https://galaxyproject.org/api.
+          More concretely, to request all permissions that the user has, the scope
+          would have to be specified as "<prefix>:*". e.g "https://galaxyproject.org/api:*".
+          Currently, only * is recognised as a valid scope, and future iterations may
+          provide more fine-grained scopes.
 
       auth_config_file:
         type: str