You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
Pull requests must include at least one of the required labels: internal (no release notes required), highlight, enhancement, bug, deprecation, documentation. Except for internal, pull requests must also include a description in the release notes section.
This PR updates the default set of OAuth scopes used for OIDC device flow authentication to include the offline_access scope, in addition to the existing openid profile email scopes. This change ensures that OIDC providers are able to issue refresh tokens, enabling longer-lived sessions. The update is reflected in the documentation, the initialization of the authentication context using the updated scope, and the associated tests. A new unit test is also added to verify that when no custom scope is provided via environment variables, the default scope with offline_access is used. The modifications in the API client and test files guarantee that both the documented behavior and actual implementation are now aligned with the need to request refresh tokens from OIDC providers.
Test Suggestions
Run the new unit test to ensure that the default scope includes 'offline_access' when not overridden.
Manually test the device flow authentication process with an OIDC provider to confirm that refresh tokens are issued.
Verify that overriding the scope through environment variables still works correctly.
Check that documentation changes render correctly and match the actual behavior.
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Pull Request Description
This adds 'offline_access' to the requested scopes on the validmind library oauth flow. This enables reauth after a timeout.
What and why?
How to test
What needs special review?
Dependencies, breaking changes, and deployment notes
Release notes
Checklist