fix

modules/server/containers/data/authentik/homepage.yaml

@@ -5,6 +5,16 @@ metadata:
     app: immich
 
 entries:
+  - model: authentik_providers_oauth2.scopemapping
+    identifiers:
+      name: "Homepage Custom Scope: Groups"
+    attrs:
+      scope_name: "groups"
+      description: "Pass user groups array to Homepage for conditional element rendering"
+      expression: |
+        return {
+            "groups": [group.name for group in request.user.ak_groups.all()]
+        }
   # 1. Create the OAuth2/OIDC Provider
   - model: authentik_providers_oauth2.oauth2provider
     identifiers:
@@ -21,7 +31,6 @@ entries:
         !Find [authentik_flows.flow, [slug, default-provider-invalidation-flow]]
       client_type: "confidential"
       client_id: "homepage"
-
       client_secret: !Env HOMEPAGE_VAR_OAUTH_SECRET
       access_code_validity: "minutes=5"
       token_validity: "days=30"
@@ -47,7 +56,7 @@ entries:
           ]
         - !Find [
             authentik_providers_oauth2.scopemapping,
-            [name, "authentik default OAuth Mapping: OpenID 'group'"],
+            [name, "Homepage Custom Scope: Groups"],
           ]
 
   # 2. Create the Application and link it to the Provider

modules/server/containers/data/authentik/immich.yaml

@@ -48,10 +48,6 @@ entries:
             authentik_providers_oauth2.scopemapping,
             [name, "authentik default OAuth Mapping: OpenID 'profile'"],
           ]
-        - !Find [
-            authentik_providers_oauth2.scopemapping,
-            [name, "authentik default OAuth Mapping: OpenID 'group'"],
-          ]
 
   - model: authentik_core.application
     identifiers: