vufind-org · demiankatz · Feb 28, 2025 · Mar 3, 2025 · Dec 8, 2025
diff --git a/config/vufind/PAIA.ini b/config/vufind/PAIA.ini
@@ -36,6 +36,16 @@ baseUrl = ""
 ;accountBlockNotificationsForMissingScopes[read_notifications] = "ILSMessages::no_read_notifications_scope"
 ;accountBlockNotificationsForMissingScopes[delete_notifications] = "ILSMessages::no_delete_notifications_scope"
 
+; Define additional scope constants from VuFind/ILS/Driver/PAIA.php for use here.
+; Basic scopes that are used (see function paiaLogin):
+; SCOPE_READ_PATRON, SCOPE_READ_FEES, SCOPE_READ_ITEM, SCOPE_WRITE_ITEMS, SCOPE_CHANGE_PASSWORD
+; additionalScopes[] = SCOPE_UPDATE_PATRON
+; additionalScopes[] = SCOPE_UPDATE_PATRON_NAME
+; additionalScopes[] = SCOPE_UPDATE_PATRON_EMAIL
+; additionalScopes[] = SCOPE_UPDATE_PATRON_ADDRESS
+; additionalScopes[] = SCOPE_READ_NOTIFICATIONS
+; additionalScopes[] = SCOPE_DELETE_NOTIFICATIONS
+
 ; A PAIA auth server acts as OAuth authorization server (RFC 6749) with
 ; password credentials grant, as defined in section 4.3 of OAuth specification,
 ; and/or client credentials grant, as defined in section 4.4 of the OAuth

diff --git a/module/VuFind/src/VuFind/ILS/Driver/PAIA.php b/module/VuFind/src/VuFind/ILS/Driver/PAIA.php
@@ -37,6 +37,7 @@
 use VuFind\Exception\Forbidden as ForbiddenException;
 use VuFind\Exception\ILS as ILSException;
 
+use function constant;
 use function count;
 use function in_array;
 use function is_array;
@@ -1873,6 +1874,11 @@ protected function paiaLogin($username, $password)
                 self::SCOPE_WRITE_ITEMS . ' ' .
                 self::SCOPE_CHANGE_PASSWORD;
 
+        // append additional scopes via config
+        foreach ((array)($this->config['PAIA']['additionalScopes'] ?? []) as $scope) {
+            $post_data['scope'] .= ' ' . constant("self::$scope");
+        }
+
         // perform full PAIA auth and get patron info
         $result = $this->httpService->post(
             $this->paiaURL . 'auth/login',